A dangerous new malware strain has already compromised hundreds of servers

Maggie targets MS SQL servers with quite a few capabilities


There is a new malware making the rounds that targets Microsoft SQL servers. It is capable of running programs, snooping on data, brute-forcing its way into other SQL servers, and dozens of other dangerous things.

The malware, discovered by cybersecurity analysts from DCSO CyTec, was dubbed Maggie. Maggie is distributed by posing as an Extended Stored Procedure DLL, a file digitally signed by an alleged South Korean company called DEEPSoft.

Usually, Extended Stored Procedure files extend SQL query functionality via an API that accepts remote user arguments and works with unstructured data. In Maggie’s case, this functionality is abused to give threat actors a total of 51 different commands, some of which we already mentioned.

Asian countries targeted


Maggie itself is controlled through SQL queries that tell it which commands to execute and which files to use.

According to the researchers, the malware already infected hundreds of endpoints all over the world, most of which are located in South Korea, India, Vietnam, China, Russia, Thailand, Germany, and the United States.


Given that Maggie attacks Microsoft SQL servers and that it has an extensive list of features, it’s safe to assume it was built as a corporate espionage tool. However, researchers were not able to determine who the threat actors behind Maggie are, where they operate from, who they’re targeting, how they succeeded in landing the malware on these servers, and to what end.

“In order to install Maggie, an attacker has to be able to place an ESP file in a directory accessible by the MSSQL server, and has to have valid credentials to load the Maggie ESP into the server,” the researchers explained. “It is unclear how an actual attack with Maggie is performed in the real-world.”
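Because an Extended Stored Procedure must be registered inside the instance before SQL Server will load its DLL, the registration itself leaves a record that defenders can audit. The following T-SQL is an added example written for this article; it is not code from the researchers or from the malware report, and it assumes only the standard SQL Server catalog views (sys.extended_procedures, sys.server_role_members, sys.server_principals) run from a session with sysadmin rights. The article does not name Maggie’s procedure or file, so the query is generic: it lists every registered extended stored procedure with the DLL path it maps to, and the logins that hold the sysadmin role (the privilege required to register one with sp_addextendedproc).

```sql
-- Added defender-side audit query (not from the article or DCSO CyTec).
-- Run in a sysadmin session on the instance being reviewed.

-- 1) Every extended stored procedure registered in master, newest first.
--    Entries whose dll_name points outside the SQL Server Binn directory
--    (or to a DLL signed by an unfamiliar publisher) deserve a closer look.
SELECT
    ep.name        AS procedure_name,
    ep.dll_name    AS dll_path,
    ep.create_date,
    ep.modify_date
FROM master.sys.extended_procedures AS ep
ORDER BY ep.create_date DESC;

-- 2) Logins able to register an ESP: members of the sysadmin server role.
--    Any login here that is not expected is a credential worth reviewing,
--    since the researchers note valid credentials are needed to load the DLL.
SELECT
    member.name       AS sysadmin_login,
    member.type_desc  AS login_type,
    member.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS role_p
    ON role_p.principal_id = rm.role_principal_id
JOIN sys.server_principals AS member
    ON member.principal_id = rm.member_principal_id
WHERE role_p.name = N'sysadmin'
ORDER BY member.name;
```

Comparing the first result set against a known-good baseline (the built-in extended procedures ship with the engine and change only on patching) turns a one-off check into a recurring detection; the second set is the list of accounts whose compromise would be sufficient for the installation step the researchers describe.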


The full list of so-far identified commands can be found on this link.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
