A New Backdoor Found in Microsoft SQL Server

Security researchers at ESET have found a backdoor in Microsoft SQL server that allows an attacker to control a system remotely.

“Dubbed Skip-2.0, the backdoor malware is a post-exploitation tool that runs in the memory and lets remote attackers connect to any account on the server running MSSQL version 11 and version 12 by using a magic password," reported The Hacker News.

The malware remains completely undetected on a user’s SQL Server, as it disables the logging functions, event publishing, and audit mechanisms.

By remaining stealth, the attackers leverage the malware to copy, modify, or delete the content stored in a database.

"This could be used, for example, to manipulate in-game currencies for financial gain. In-game currency database manipulations by Winnti operators have already been reported," researchers said.