Hackers Target PostgreSQL DBs With Coinminer Hidden in Scarlett Johansson Image

Faybert

A new type of attack has been discovered targeting PostgreSQL databases, in which malware authors are using an image of Hollywood actress Scarlett Johansson to hide a cryptocurrency miner they intend to run on the DB's underlying server.

The attack has been observed in a honeypot server run by Imperva researchers. Experts say crooks gained access to a PostgreSQL database user account, where they executed payloads found in the Metasploit framework's PostgreSQL module.
....
....
Coinminer hidden in benign PNG image
Once attackers escalate their access, the first series of commands they run (listing the server's CPU and GPU details) reveals their true intentions — cryptocurrency mining.

Hackers will then download a PNG file (art-981754.png) from a legitimate image hosting service — imagehousing.com. Researchers say this image (embedded below) portrays famous Hollywood actress Scarlett Johansson, at first glance, but when they looked at the image's binary code, they found a cryptocurrency miner appended after the actual image data.
.....
.....
 
