Maggie - a new backdoor for Microsoft SQL servers

German analysts Johann Aydinbas and Axel Wauer of DCSO CyTec published details about a new backdoor targeting Microsoft SQL servers. According to their information, the malware has already infected hundreds of servers, mainly in Asian countries such as South Korea, India, Vietnam, China, Taiwan, Thailand, and others.

The malware is built as an “Extended Stored Procedure” DLL, a mechanism used by Microsoft SQL servers. Once the DLL is uploaded to a server, the attacker controls it using SQL queries. The backdoor allows the attacker to run commands and work with files. Maggie can also set up a SOCKS5 proxy, so all the commands required to manage the malware can be transmitted through a proxy server, which makes it even less noticeable. The malware also creates a network bridge with the infected server.

In addition, the malware can launch brute-force attacks on other Microsoft SQL servers. If an attack succeeds, the malware adds a new backdoor user account using hardcoded credentials.

The name comes from references in the file itself: it calls itself “sqlmaggieAntiVirus_64.dll”, and the only export it provides is also named “maggie”.
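A defender can audit a server for the traits described above with two catalog queries. This is an added example, not code from the DCSO CyTec report; the 90-day look-back window is an assumption to adjust, and the name matches use only the two strings quoted in this article.

```sql
-- Added example: audit for unexpected Extended Stored Procedures (ESPs)
-- and recently created SQL logins. Run as a login that can view server metadata.
USE master;  -- ESPs are registered in, and only visible from, master

-- 1. Every registered ESP with the DLL that backs it.
--    An ESP's registered name normally matches the function exported by its DLL,
--    so the export name "maggie" from the article is checked as the procedure name.
--    A renamed DLL defeats the dll_name match, so review every row, not just flagged ones.
SELECT
    SCHEMA_NAME(xp.schema_id) AS schema_name,
    xp.name                   AS procedure_name,
    xp.dll_name,
    xp.create_date,
    xp.is_ms_shipped,
    CASE
        WHEN xp.name = N'maggie'
          OR xp.dll_name LIKE N'%sqlmaggieAntiVirus%' THEN 'MATCHES ARTICLE STRINGS'
        WHEN xp.is_ms_shipped = 0                     THEN 'REVIEW: not shipped by Microsoft'
        ELSE 'ok'
    END AS verdict
FROM sys.extended_procedures AS xp
ORDER BY xp.is_ms_shipped, xp.create_date DESC;

-- 2. SQL-authenticated logins created inside the look-back window.
--    The article says a successful brute-force adds a backdoor account with
--    hardcoded credentials; it does not give the account name, so this lists
--    all recent logins and whether each holds sysadmin.
DECLARE @lookback_days int = 90;  -- assumption: tune to your change window

SELECT
    sp.name,
    sp.type_desc,
    sp.create_date,
    sp.modify_date,
    sp.is_disabled,
    IS_SRVROLEMEMBER('sysadmin', sp.name) AS is_sysadmin
FROM sys.server_principals AS sp
WHERE sp.type = 'S'  -- 'S' = SQL login (password-based, the kind a brute-force targets)
  AND sp.create_date >= DATEADD(DAY, -@lookback_days, SYSDATETIME())
ORDER BY sp.create_date DESC;
```

Any row in the first result set that the database team cannot tie to a known product installation deserves a check of the DLL on disk; rows in the second should map to a change ticket.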

As can be seen, this malware can be used for many purposes. However, the researchers did not publish any additional information about how the backdoor is used after infection, how it gets into the system, or who benefits from those attacks.
