Microsoft servers are being hijacked to boost proxies

(Image credit: Shutterstock)

Hackers have been found installing malware on Microsoft SQL servers in order to monetize the endpoints’ bandwidth. 

Findings from Ahnlab discovered a special type of malware, called proxyware, which turns the host device into a proxy server that remote users can use for different things, from testing, to content distribution. 

To incentivize people to use proxyware, the malware owners pay them a portion of the proceedings, and according to the researchers, some can make as much as $6,000 a month for renting out excess bandwidth.

Bundling it with malware

Now, hackers have come up with an ingenious idea, to have proxyware installed on Microsoft SQL servers, and have the earnings funneled to their accounts. Besides for a few hiccups, and a general slowdown in internet speeds, the servers’ owners shouldn’t experience much of a difference, the researchers said. 

Another reason why Microsoft SQL servers are an interesting target for cybercriminals is due to the fact that the endpoints’ IP addresses are not blacklisted. 

In its report, Ahnlab mentioned two separate proxyware variants, Peer2Profit, and IPRoyal. Cybercriminals seem to be distributing these by bundling them up with other adware and malware strains. Once the victim installs the proxyware, the attackers will see it as a newly available proxy, which third parties can use for whatever reason, including criminal activity. 

This campaign has been active since June 2022, the researchers say, adding that proxyware is on the rise, mostly due to its ability to remain undetected for relatively long, earning serious cash for the operators. 

Besides proxyware, MS-SQL users should also be wary of cryptominers, another type of malware that may, or may not, slow down the target device, but will not damage it or render it useless. Cryptominers mine cryptocurrencies for the malware operators, and given the nature of mining, might take up a significant portion of computing power and might rake in hefty electricity bills.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.