According to Cointelegraph, a new malware named PG_MEM has been discovered, targeting databases to install cryptocurrency mining software. This malware poses a threat to over 800,000 PostgreSQL-managed databases, particularly those with weak passwords.

Cloud-native cybersecurity company Aqua revealed that PG_MEM is installed following a brute force attack that identifies a weak password on a PostgreSQL-managed database. PostgreSQL is a widely used object-relational database management system, with a significant number of databases connected to the internet. Notably, nearly 300,000 of these databases are located in the United States, and over 100,000 are in Poland.

Once the attacker gains access to a database, they create a new user with login capabilities and high privileges. The malware then downloads two files from the attacker's server, conceals its presence, and blocks other potential attackers from exploiting the database's computing resources. This issue is prevalent due to misconfigurations and inadequate identity controls, leading to weak passwords on internet-facing PostgreSQL databases.
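The sequence described above (repeated password guesses, a successful login, then a new privileged login role) can be checked for in the PostgreSQL server log. The following Python is an added example, not code from Aqua or Cointelegraph; it assumes `log_line_prefix = '%m [%p] %h '`, `log_connections = on` and `log_statement = 'ddl'`, treats SUPERUSER or CREATEROLE as "high privileges", and runs on constructed log lines with hypothetical role names.

```python
import re
from collections import defaultdict

# Constructed log lines. Assumed settings (not from the article):
# log_line_prefix = '%m [%p] %h ', log_connections = on, log_statement = 'ddl'.
SAMPLE_LOG = """\
2024-08-20 10:00:01.120 UTC [4101] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-20 10:00:01.480 UTC [4102] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-20 10:00:01.910 UTC [4103] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-20 10:00:02.300 UTC [4104] 203.0.113.7 LOG:  connection authorized: user=postgres database=postgres
2024-08-20 10:00:02.950 UTC [4104] 203.0.113.7 LOG:  statement: CREATE ROLE svc_tmp WITH LOGIN SUPERUSER
2024-08-20 11:15:00.000 UTC [4200] 198.51.100.20 LOG:  connection authorized: user=app database=shop
2024-08-20 11:15:03.000 UTC [4200] 198.51.100.20 LOG:  statement: CREATE ROLE reporting NOLOGIN NOSUPERUSER
"""

LINE = re.compile(r"^\S+ \S+ \S+ \[\d+\] (?P<host>\S+) [A-Z]+:\s+(?P<msg>.*)$")
FAILED = re.compile(r"password authentication failed for user")
AUTHORIZED = re.compile(r"connection authorized: user=")
CREATE = re.compile(r'statement:\s*CREATE\s+(ROLE|USER)\s+"?(\w+)"?(.*)', re.I)


def find_suspicious_roles(log_text, min_failures=3):
    """Return (host, role) pairs for privileged login roles created by a
    client that logged in after at least min_failures failed passwords."""
    failures = defaultdict(int)  # host -> failed password attempts so far
    guessed = set()              # hosts that logged in after repeated failures
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        host, msg = m["host"], m["msg"]
        if FAILED.search(msg):
            failures[host] += 1
        elif AUTHORIZED.search(msg):
            if failures[host] >= min_failures:
                guessed.add(host)
        elif host in guessed and (c := CREATE.search(msg)):
            kind, role, opts = c.group(1).upper(), c.group(2), c.group(3).upper()
            # \b keeps NOSUPERUSER / NOLOGIN from matching; CREATE USER implies LOGIN.
            privileged = re.search(r"\b(SUPERUSER|CREATEROLE)\b", opts)
            can_login = kind == "USER" or re.search(r"\bLOGIN\b", opts)
            if privileged and can_login:
                findings.append((host, role))
    return findings


if __name__ == "__main__":
    for host, role in find_suspicious_roles(SAMPLE_LOG):
        print(f"privileged login role {role!r} created from {host} after password guessing")
```

The failure threshold is per client address over the whole log, so a production version would add a time window and also compare the result against the roles currently listed in `pg_roles`.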

Once operational, the malware connects to a mining pool, combining the host's computing resources with those of other miners to improve the chances of mining a new block. This type of attack, known as cryptojacking, is becoming increasingly common. Cointelegraph reported a 400% rise in crypto-malware attacks in the first half of 2023 compared to the previous year.

While cryptojacking is a growing concern, there are legitimate ways to harness unused computing capacity. For instance, decentralized cloud infrastructure provider Aethir operates a GPU-as-a-service decentralized physical infrastructure network (DePIN), sourcing compute from tier 3 and tier 4 data centers to offer cost-effective, scalable computing services to its clients.