A new malware called Maggie has affected about 250 Microsoft systems. Here’s everything you need to know.
Security researchers have found a dangerous new malware targeting Microsoft SQL servers. This backdoor, called Maggie, has already infected hundreds of Microsoft users around the world. It was discovered by security researchers Johann Aydinbas and Axel Wauer of DCSO CyTec, and it is most common in South Korea, India, Vietnam, China, Russia, Thailand, Germany and the United States. Security experts say it is managed through SQL queries, which are used to control it and to interact with the system’s files. Most worryingly, it also acts as a bridgehead in the server’s network environment.
Analysis of the malware revealed that it was digitally signed by DEEPSoft Co. Ltd, a company that appears to be based in South Korea, according to the BleepingComputer report. “The variety of commands supported by Maggie makes it possible to query system information, run programs, communicate with files and folders, enable remote desktop services (TermService), disable a SOCKS5 proxy and set up port forwarding,” explains a report from DCSO CyTec.
The cybersecurity researchers also mentioned that the command list contains four exploits, indicating that the attackers have to rely on some known vulnerabilities, for example to add a new user. The security analysts were unable to test the exploits for now, as they appear to rely on an additional DLL that does not ship with the Maggie malware.
In addition, the backdoor can brute-force logins to other MSSQL servers, and it adds a special hard-coded backdoor user when a brute-force attempt on an admin login succeeds. “Based on this finding, we have identified more than 250 affected servers worldwide, with a clear focus on the Asia-Pacific region,” the researchers said. However, not much information is available at this time.
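The brute-force behaviour described above leaves a recognisable trace on the targeted server: a run of failed logins from one client followed by a success. The following is an added example, not code from DCSO CyTec or from the original article; it assumes the server's login auditing records both failed and successful logins in the SQL Server error log, the thresholds are illustrative, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches SQL Server error-log "Logon" entries for failed and successful logins.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)

def find_bruteforce_successes(log_text, min_failures=5, window_seconds=600):
    """Return (client, user, timestamp) for every successful login that follows
    at least min_failures failed logins from the same client within the window."""
    failures = defaultdict(list)  # client address -> timestamps of failed logins
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        client = m["client"]
        if m["result"] == "failed":
            failures[client].append(ts)
            continue
        recent = [t for t in failures[client]
                  if (ts - t).total_seconds() <= window_seconds]
        if len(recent) >= min_failures:
            hits.append((client, m["user"], m["ts"]))
        failures[client].clear()  # a success ends this client's failure streak
    return hits

def _line(sec, result, user, client):
    # Builds one constructed log line; addresses are documentation ranges.
    tail = ("Reason: Password did not match that for the login provided."
            if result == "failed"
            else "Connection made using SQL Server authentication.")
    return (f"2022-10-05 03:14:{sec:02d}.10 Logon       "
            f"Login {result} for user '{user}'. {tail} [CLIENT: {client}]")

# Constructed sample: six failures then a success from one client, and one
# ordinary mistyped password followed by a success from another.
SAMPLE_LOG = "\n".join(
    [_line(s, "failed", "sa", "203.0.113.7") for s in range(6)]
    + [_line(6, "succeeded", "sa", "203.0.113.7"),
       _line(10, "failed", "appuser", "198.51.100.20"),
       _line(12, "succeeded", "appuser", "198.51.100.20")]
)

if __name__ == "__main__":
    for client, user, ts in find_bruteforce_successes(SAMPLE_LOG):
        print(f"{ts} {client} logged in as '{user}' after repeated failures")
```

A hit is a prompt to review which server logins were created after that timestamp, since the article says the backdoor adds its own user after a successful admin login.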
What should you do?
It is generally advised to keep your computer and laptop up to date with the latest software and security updates. On a Windows system, select Start, go to Settings, open the Update & Security option, and check for the latest updates in the Windows Update section. Download them if any are available.