Thousands of PostgreSQL servers are being hijacked to mine crypto

Skip to main content
Tech Radar Pro
Tech Radar Gaming
Tech Radar Pro
TechRadar the business technology experts
Search TechRadar
View Profile
België (Nederlands)
Deutschland
North America
US (English)
Australasia
New Zealand
Expert Insights
Website builders
Web hosting
Best web hosting
Best website builder
Best office chairs
Expert Insights
Thousands of PostgreSQL servers are being hijacked to mine crypto
Sead Fadilpašić
2 April 2025
Hackers are hunting for misconfigured servers, experts warn
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
Migliori Bitcoin wallet
(Image credit: Shutterstock / Wit Olszewksi)
Researchers at Wiz spot a new cryptojacking campaign
It has targeted more than 1,500 misconfigured PostgreSQL servers
A variant of the infamous XMRig miner was deployed to try and steal crypto
Hackers are targeting misconfigured and publicly exposed PostgreSQL servers with cryptocurrency miners, rendering them practically unusable as they rake up the electricity bill for the victims, researchers have warned.
Wiz Threat Research experts said the new attack was actually a variant of an already observed, ongoing campaign, as the threat actors (which they call JINX-0126) are targeting PostgreSQL instances configured with weak and guessable login credentials. Once they find them and log in, they deploy the XMRig-C3 cryptominer.
XMRig is a hugely popular cryptominer, since it mines the Monero cryptocurrency, which is generally a lot more difficult to trace, compared to Bitcoin, or other mineable currencies.
Monitor your credit score with TransUnion starting at $29.95/month
TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.
Preferred partner (What does this mean?)
Mining Monero
A cryptocurrency miner uses up almost all of the device’s compute power, rendering it useless for pretty much anything else. This also means increased electricity consumption, which results in an inflated bill at the end of the month.
Cybercriminals, on the other hand, get Monero sent directly into their wallets, which they can sell on the open market for US dollars, or any other cryptocurrency. In many cases, the money gets spent on other malicious campaigns.
Wiz says that the campaign was first documented by researchers from Aqua Security, but it has since evolved.
The threat actors have allegedly implemented additional defense mechanisms and are deploying the miner filelessly in order to evade being spotted.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
The researchers found that the threat actor assigned a unique mining worker to each victim, making it relatively easy to determine how many devices were likely compromised. Based on their analysis, the campaign likely impacted more than 1,500 devices.
“This suggests that misconfigured PostgreSQL instances are highly common, providing a low hanging fruit entry point for opportunistic threat actors to exploit,” they said.
“Furthermore, our data shows that nearly 90% of cloud environments self-host PostgreSQL instances, of which a third have at least one instance that is publicly exposed to the internet.”
Via The Hacker News
You might also like
One of the biggest data leaks ever has just been revealed - here's what to do if you've been hit
We've rounded up the best password managers
Take a look at our guide to the best authenticator app
Sead Fadilpašić
Social Links Navigation
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
Latest in Security
Great news everyone! Google is going to let you transfer your passkeys to a new phone
Thousands of PostgreSQL servers are being hijacked to mine crypto
The European Commission wants a backdoor for end-to-end encryptions for law enforcement
Top gig platform service may have leaked over 14 million user files
Palo Alto Networks gateways facing huge number of possible security attacks
Apple just finally patched a whole host of OS security issues on older devices, so update now
Latest in News
Nintendo Switch 2 is bringing back one of the Nintendo DS’s best features
We finally know about the C button on the Nintendo Switch 2 – here’s what it does
While we wait for a Bloodborne remake or sequel, FromSoftware just announced The Duskbloods, a brand new Switch 2 exclusive
'We were old school': A Minecraft Movie's Jared Hess denies using AI to enhance his film adaptation of Mojang's very popular sandbox game
Hulu and Paramount+ order a new Dexter prequel and Handmaid's Tale sequel, giving fans more killer thrills and dystopian chills
New tests cast a disappointing light on Nvidia’s RTX 5090 laptop GPU, suggesting that at today’s prices, RTX 5080 notebooks are a far better buy
More about security
Palo Alto Networks gateways facing huge number of possible security attacks
Apple just finally patched a whole host of OS security issues on older devices, so update now
Nintendo Switch 2 is bringing back one of the Nintendo DS’s best features
See more latest
Most Popular
Nintendo Switch 2 is bringing back one of the Nintendo DS’s best features
Nintendo Switch 2 specs revealed, and yes, it will support 4K resolution - as well as a host of other upgrades over the original
We finally know about the C button on the Nintendo Switch 2 – here’s what it does
Hulu and Paramount+ order a new Dexter prequel and Handmaid's Tale sequel, giving fans more killer thrills and dystopian chills
While we wait for a Bloodborne remake or sequel, FromSoftware just announced The Duskbloods, a brand new Switch 2 exclusive
The Samsung Galaxy Tab S10 FE launches with an iPad Air-rivaling screen and AI features galore
NYT Connections hints and answers for Thursday, April 3 (game #662)
NYT Strands hints and answers for Thursday, April 3 (game #396)
Quordle hints and answers for Thursday, April 3 (game #1165)
Palo Alto Networks gateways facing huge number of possible security attacks
LATEST ARTICLES
Nintendo Switch 2 is bringing back one of the Nintendo DS’s best features
Nintendo Switch 2 specs revealed, and yes, it will support 4K resolution - as well as a host of other upgrades over the original
We finally know about the C button on the Nintendo Switch 2 – here’s what it does
Hulu and Paramount+ order a new Dexter prequel and Handmaid's Tale sequel, giving fans more killer thrills and dystopian chills
The Nintendo Switch 2 pre-order details have been revealed - here's the price, when they start, where you'll likely be able to buy it, and the best links to bookmark now
TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.
Contact Future's experts
Terms and conditions
Privacy policy
Cookies policy
Advertise with us
Web notifications
Accessibility Statement
Future US, Inc. Full 7th Floor, 130 West 42nd Street,
Please login or signup to comment
Please wait...