Infosec researchers are warning about a new piece of malware that has already infected hundreds of Microsoft SQL servers across the world. The threat is being tracked as Maggie and comes with an expansive set of intrusive features. Victims of the Maggie malware have mostly been located in India, South Korea, China, Russia, Vietnam, Thailand, the U.S. and Germany. Details about the malware were recently made public in a report by security researchers.
When deployed on an infected system, the Maggie malware disguises itself as an Extended Stored Procedure DLL named 'sqlmaggieAntiVirus_64.dll', digitally signed by a company named DEEPSoft Co. Ltd. Extended Stored Procedure DLLs extend the functionality of SQL queries through an API that accepts arguments supplied by remote users. Through this mechanism, Maggie establishes backdoor access to the device and can execute over 50 commands.
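Because Maggie loads as a registered Extended Stored Procedure, one defender-side check is to enumerate the extended procedures an instance has registered and compare them with a clean baseline. The following is an added example, not code from the report or the malware, and it assumes rows shaped like a `sys.extended_procedures` query; the sample rows, the baseline set and the `sp_maggie` procedure name are constructed for illustration.

```python
import ntpath
from collections import namedtuple

# Row shape mirrors a query such as:
#   SELECT o.name, e.dll_name FROM sys.extended_procedures AS e
#   JOIN sys.objects AS o ON o.object_id = e.object_id;
XpRow = namedtuple("XpRow", "name dll_name")

# Constructed sample data, not output from a real server.
BINN = r"C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn"
SAMPLE_ROWS = [
    XpRow("xp_cmdshell", ntpath.join(BINN, "xplog70.dll")),
    XpRow("xp_dirtree", ntpath.join(BINN, "xpstar.dll")),
    XpRow("sp_maggie", ntpath.join(BINN, "sqlmaggieAntiVirus_64.dll")),
    XpRow("xp_helper", r"C:\Windows\Temp\helper.dll"),
]

# Hypothetical baseline of (procedure name, DLL file name) pairs; build
# yours from a known-clean instance of the same SQL Server version.
BASELINE = {("xp_cmdshell", "xplog70.dll"), ("xp_dirtree", "xpstar.dll")}

# DLL file name reported for Maggie's Extended Stored Procedure.
KNOWN_BAD_DLLS = {"sqlmaggieantivirus_64.dll"}


def classify(row, baseline=BASELINE, known_bad=KNOWN_BAD_DLLS):
    """Return the reasons a registered procedure needs review ([] if it is clean)."""
    reasons = []
    file_name = ntpath.basename(row.dll_name)
    if file_name.lower() in known_bad:
        reasons.append("dll name matches Maggie indicator")
    if (row.name, file_name) not in baseline:
        reasons.append("not in clean baseline")
    # A bare file name is resolved from the instance's Binn directory; an
    # explicit path pointing elsewhere is unusual for an extended procedure.
    if "\\" in row.dll_name and "\\binn\\" not in row.dll_name.lower():
        reasons.append("dll outside instance Binn directory")
    return reasons


def triage(rows, baseline=BASELINE, known_bad=KNOWN_BAD_DLLS):
    """Map procedure name -> reasons for every row that is not clean."""
    findings = {}
    for row in rows:
        reasons = classify(row, baseline, known_bad)
        if reasons:
            findings[row.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_ROWS).items():
        print(f"{name}: {', '.join(reasons)}")
```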
Depending on their goals, the attackers can instruct Maggie to harvest system information, execute programs, manage the file system, start remote desktop services and more. The identified commands also include four 'Exploit' commands, which could indicate that the cybercriminals exploit known vulnerabilities for certain actions on the breached systems.
The Maggie malware can also let the attackers connect to any IP address reachable from the infected MS-SQL server. In addition, to better mask its activities, Maggie includes SOCKS5 proxy functionality and can route all abnormal network packets through a chosen proxy server.