Database administrators urged to tighten security against RAT

Microsoft SQL and MySQL database administrators are being warned to lock down their servers after security researchers discovered a campaign to infect them with a remote access trojan (RAT).

The discovery was made by South Korea-based AhnLab, which said in a blog post this week that unnamed threat actors are taking advantage of databases with weak credentials to install the Gh0stCringe RAT.

Also known as CirenegRAT, it is one of the malware variants based on the code of Gh0st RAT, which was first discovered in December 2018, says the blog, and it is known to have been distributed via a vulnerability in Microsoft Server Message Block (SMB).

Gh0stCringe RAT is a remote access trojan that connects to an attacker’s command and control server, the blog says. The attacker can designate various tasks for Gh0stCringe, as they can with other RAT malware. These include the ability to copy itself to certain paths in Windows, turn on a keylogger, analyze Windows processes and download additional payloads.

“Considering the fact that MySQL servers are targets of attack in addition to MS-SQL servers, it can be assumed that Gh0stCringe targets poorly-managed DB servers with vulnerable account credentials,” say the researchers.

The logs of systems with Gh0stCringe installed show a history of infection by malware such as Vollgar CoinMiner, which is distributed through brute force attacks, add the researchers.

Administrators should use passwords that are difficult to guess for their accounts and change them periodically to protect the database server from brute force attacks and dictionary attacks, says the blog. They must also apply the latest patches to prevent vulnerability attacks. If a database server needs internet access, it should be protected by a firewall.

 

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
