Vollgar fills up on cryptocurrency on hacked Microsoft servers

Vollgar is a cybercrime campaign whose name is taken from Vollar, a cryptocurrency undermined by this malicious program through server infection Microsoft SQL. In the past few weeks, 2,000 to 3,000 servers have been infected each week.

Crisis or not, the cryptocurrency mining remains a major activity for cybercriminals. The malicious campaign Vollgar thus relies on the installation of different malware, including an cryptominer.

Security researchers at Guardicore Labs have actually baptized Vollgar this campaign, which began in May 2018. Vollgar is the contraction of Vollar, a cryptocurrency mined by malware, and "vulgar" (Nldr: coarse).

Monero and Vollar mining

The cybercriminals behind these attacks are in fact not delicacy. To infect Microsoft SQL servers accessible from the Internet, hackers use brute force. Using a technique called "brute-force", they can crack the servers' insufficiently strong passwords.

Vollgar has been particularly active in recent weeks with a number of daily infections of between 2,000 and 3,000. The targets, meanwhile, are servers based mainly in China, India, Turkey, South Korea and the United States.

To monetize these infections on a large scale, hackers will notably install a cryptominer, a software mining the Monero and Vollar (combining elements of Monero and Ethereum). And there is no question of sharing the computing power of the machine with other cybercriminals.

As a result, attacker Vollgar is making numerous efforts both to wipe out the activity of other threat actors and to erase their tracks, "observes Guardicore Labs.

Hackers who prevent all competition

And the reason is simple: "Being the only attacker on a machine is powerful – your malware gets the most resources, such as bandwidth and processor power, and access is only available through your back doors. . "

The security firm recalls that it is highly inadvisable to expose database servers on the Internet. However, in the event of an infection, the publisher recommends placing the server in quarantine immediately to prevent further compromises within the network.

Finally, administrators must imperatively implement strong passwords to protect themselves from brute force attacks. Unusual processor usage should also alert them to the presence of a cryptominer.

It is common for cybercriminals to install this type of software to diversify their income. Monero, because of its confidentiality, is thus a cryptocurrency prized by pirates. According to a study published in 2019, nearly 4% of Monero's total supply allegedly extracted by hackers via illegitimate crypto-mining software.