Security researchers have found a dangerous new malware that targets Microsoft SQL servers. This backdoor, named Maggie, has already infected hundreds of Microsoft users all over the world. Security researchers Johann Aydinbas and Axel Wauer from DCSO CyTec spotted the malware, which is more prevalent in South Korea, India, Vietnam, China, Russia, Thailand, Germany, and the United States. Security experts say that it is controlled through SQL queries that issue commands to it and interact with files on the system. More worrying, it doubles as a bridgehead into the server's network environment.
Analysis has revealed that the malware is digitally signed by DEEPSoft Co. Ltd, a company that appears to be based in South Korea, the BleepingComputer report mentioned. "The variety of commands supported by Maggie allow querying for system information, executing programs, interacting with files and folders, enabling remote desktop services (TermService), running a SOCKS5 proxy, and setting up port forwarding," a report from DCSO CyTec explained.
The researchers also mentioned that the command list includes four exploits, which indicates that the attackers must rely on some known vulnerabilities, for example, to add a new user. The security analysts could not test the exploits for now, as they seem to depend on an additional DLL that is not shipped with Maggie.
“In addition, the backdoor has capabilities to brute force logins to other MSSQL servers while adding a special hard coded backdoor user in the case of successfully brute forcing admin logins. Based on this finding, we identified over 250 servers affected worldwide, with a
Read more on tech.hindustantimes.com