
Thousands of Microsoft Servers Infected by Crypto-Mining Botnet Since 2018, Says Report

The attackers have apparently been targeting Microsoft SQL database servers to mine cryptocurrency for two years.

Updated Sep 14, 2021, 8:24 a.m. Published Apr 1, 2020, 2:05 p.m.
Servers (credit: Shutterstock/Gorodenkoff)

A malicious botnet has been targeting Microsoft SQL database servers to mine cryptocurrency for two years, according to a new report.

Guardicore Labs said Wednesday that in the last several weeks alone, the hackers had managed to infect close to 2,000 to 3,000 servers daily. As reported by Hacker News, the botnet has been dubbed "Vollgar" after the vollar cryptocurrency it mines alongside monero, and its "vulgar" way of operating.

The attack brute-forces passwords in order to access servers with poor security. Once in, it executes configuration changes allowing the hackers to run malicious commands and download malware binaries.
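For defenders, the brute-force stage described above is visible in SQL Server's login audit records. The following is an added example, not code from Guardicore's report or script: it flags a client that produces a burst of failed logins and then notes whether a successful login from the same client followed. It assumes auditing of both failed and successful logins is enabled; the threshold, window and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the SQL Server ERRORLOG login-audit line format.
_FAIL = ("2020-04-01 03:10:{:02d}.10 Logon       Login failed for user '{}'. "
         "Reason: Password did not match that for the login provided. [CLIENT: {}]")
_OK = ("2020-04-01 03:10:{:02d}.10 Logon       Login succeeded for user '{}'. "
       "Connection made using SQL Server authentication. [CLIENT: {}]")
SAMPLE_LOG = "\n".join(
    [_FAIL.format(s, "sa", "203.0.113.7") for s in range(1, 7)]   # password-guessing burst
    + ["2020-04-01 03:10:07.10 Logon       Error: 18456, Severity: 14, State: 8.",
       _FAIL.format(8, "app", "198.51.100.20"),                   # one mistyped password
       _OK.format(9, "app", "198.51.100.20"),
       _OK.format(12, "sa", "203.0.113.7")]                       # guess finally works
)

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag clients with >= threshold failed logins inside `window`;
    record the first account that logs in successfully afterwards."""
    failures = defaultdict(list)  # client -> recent failure timestamps
    flagged = {}                  # client -> finding
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # other ERRORLOG lines are ignored
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        client = m["client"].strip()
        if m["result"] == "failed":
            recent = [t for t in failures[client] if ts - t <= window] + [ts]
            failures[client] = recent
            if len(recent) >= threshold and client not in flagged:
                flagged[client] = {"client": client, "burst_at": ts,
                                   "compromised_user": None}
        elif client in flagged and flagged[client]["compromised_user"] is None:
            flagged[client]["compromised_user"] = m["user"]
    return list(flagged.values())

if __name__ == "__main__":
    for finding in find_bruteforce(SAMPLE_LOG):
        print(finding)
```

A finding with a non-empty `compromised_user` means a guessed password worked, so the server should be treated as accessed rather than merely probed.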

Entities across health care, aviation, IT, telecoms and education in China, India, South Korea, Turkey and the U.S. have all been affected, according to the report.

The network of compromised computers was used to host all of the attackers' infrastructure, with its primary command-and-control server based in China, according to Guardicore. That itself had been compromised by multiple attackers, the firm added.

To help companies find out if their servers have been infected by this attack, Guardicore has released a script on GitHub.

In other security news, ZDNet reported earlier this week that QR codes – now ubiquitous across the bitcoin industry as a means of making it easier to make bitcoin payments – have become another attack vector.

The shockingly simple attack saw malicious actors provide a purported service allowing people to create a QR code for payments to their bitcoin addresses. However, the address inserted was the attacker's own.

Harry Denley, director of security at MyCrypto, discovered the scheme hosted on nine websites. According to the report, some $45,000 in bitcoin has been stolen in the last month.

For the record, it's advisable to avoid these sites at all costs: bitcoin-barcode-generator.com, bitcoinaddresstoqrcode.com, bitcoins-qr-code.com, btc-to-qr.com, create, bitcoin-qr-code.com, free-bitcoin-qr-codes.com, freebitcoinqrcodes.com, qr-code-bitcoin.com and qrcodebtc.com
