Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild


Cybersecurity researchers claim to have discovered a previously undocumented backdoor specifically designed for Microsoft SQL servers that could allow a remote attacker to control an already compromised system stealthily.

Dubbed Skip-2.0, the backdoor malware is a post-exploitation tool that runs in memory and lets remote attackers connect to any account on a server running MSSQL version 11 or version 12 by using a “magic password.”

What’s more, the malware manages to remain undetected on the victim’s MSSQL Server by disabling the compromised machine’s logging functions, event publishing, and audit mechanisms every time the “magic password” is used.

With these capabilities, an attacker can stealthily copy, modify, or delete the content stored in a database. The impact varies from one application to another, depending on what is integrated with the targeted servers.

“This could be used, for example, to manipulate in-game currencies for financial gain. In-game currency database manipulations by Winnti operators have already been reported,” researchers said.
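
Because the backdoor mutes logging, event publishing, and auditing inside the server whenever the magic password is used, one defensive heuristic is to compare connection records captured off-host with the server's own login audit trail and flag sessions the server never recorded. The Python below is an added example, not code from the article or the researchers. It assumes login auditing is set to record both failed and successful logins and that both sources have synchronized clocks; the sample records, the function name `unaudited_connections`, and the 5-second window are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the article). Flow records come from a
# sensor outside the database host, so a hook inside the server cannot mute them.
FLOWS = [  # (connection time, client IP) for TCP sessions to the SQL Server port
    ("2024-01-01T10:00:00", "10.0.0.5"),
    ("2024-01-01T10:00:30", "10.0.0.9"),
    ("2024-01-01T10:02:00", "10.0.0.7"),
    ("2024-01-01T10:03:00", "10.0.0.9"),
]
LOGINS = [  # (event time, client IP, outcome) from SQL Server login auditing
    ("2024-01-01T10:00:01", "10.0.0.5", "succeeded"),
    ("2024-01-01T10:00:31", "10.0.0.9", "failed"),
    ("2024-01-01T10:03:01", "10.0.0.9", "succeeded"),
]

def unaudited_connections(flows, logins, window=timedelta(seconds=5)):
    """Return flows with no login audit event (success or failure) from the
    same client within `window` after the connection was accepted."""
    pending = sorted((datetime.fromisoformat(t), ip) for t, ip, _ in logins)
    gaps = []
    for ts, ip in sorted((datetime.fromisoformat(t), ip) for t, ip in flows):
        match = next((e for e in pending
                      if e[1] == ip and ts <= e[0] <= ts + window), None)
        if match:
            pending.remove(match)  # each audit event explains one connection
        else:
            gaps.append((ts.isoformat(), ip))  # server logged nothing for it
    return gaps

if __name__ == "__main__":
    for ts, ip in unaudited_connections(FLOWS, LOGINS):
        print(f"{ts} {ip}: connection with no login audit record")
```

A flagged connection is a lead to investigate rather than proof of compromise, since pooled or aborted connections can also leave no audit record.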



2 thoughts on “Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild”

  1. You actually make it appear really easy with your
    presentation but I find this matter to be really one thing which I believe I might by
    no means understand. It kind of feels too complex and
    very wide for me. I’m having a look forward on your subsequent put up,
    I will try to get the hang of it!

  2. My partner and I absolutely love your blog and find the majority of your posts to be just
    what I’m looking for. Would you offer guest writers to write content for you?
    I wouldn’t mind composing a post or elaborating on a few of the subjects you write with regards to here.

    Again, awesome web site!
