Blog | G5 Cyber Security

PGMiner: New Cryptocurrency Mining Botnet Delivered via PostgreSQL

Unit 42 researchers uncovered a novel Linux-based cryptocurrency mining botnet that exploits a disputed Postgres remote code execution vulnerability. PGMiner exploits a controversial feature in Postgres called “copy from program,” which was introduced in version 9.3 on Sept. 9, 2013. Postgres is among the most-used open source relational database management systems (RDBMS) for production environments. The payload is delivered via Postgres, which communicates to the backend C2 servers through SOCKS5 proxies. After that, it downloads the payloads based on the system architecture.

Source: https://unit42.paloaltonetworks.com/pgminer-postgresql-cryptocurrency-mining-botnet/
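For defenders, use of the "copy from program" feature described above can be spotted in the PostgreSQL statement log. The following is an added example, not code from this post or from Unit 42; it assumes `log_statement = 'all'` and `log_line_prefix = '%m [%p] %u@%d '`, and the log lines, role names and commands in it are constructed.

```python
import re

# Assumption: log_statement = 'all' and log_line_prefix = '%m [%p] %u@%d '.
ENTRY = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[\d+\] (?P<user>[^@\s]*)@(?P<db>\S*) "
    r"LOG:\s+statement: (?P<sql>.*)$", re.S)
# COPY ... FROM PROGRAM (or TO PROGRAM); the argument may use any quoting style.
COPY_PROGRAM = re.compile(
    r"\bCOPY\b.+?\b(?P<dir>FROM|TO)\s+PROGRAM\s+(?P<arg>.+)", re.I | re.S)

# Constructed sample log, not taken from a real incident.
SAMPLE_LOG = [
    "2020-12-10 10:00:01.100 UTC [4101] app@appdb LOG:  statement: SELECT program FROM jobs;",
    "2020-12-10 10:00:02.200 UTC [4101] app@appdb LOG:  statement: COPY jobs (program) FROM STDIN;",
    "2020-12-10 10:00:03.300 UTC [4102] postgres@postgres LOG:  statement: copy t",
    "\tfrom program 'echo constructed-example';",
    "2020-12-10 10:00:04.400 UTC [4103] etl@appdb LOG:  statement: COPY t TO PROGRAM 'gzip > /tmp/t.gz';",
    "2020-12-10 10:00:05.500 UTC [4103] etl@appdb LOG:  statement: COPY t FROM '/tmp/t.csv' WITH (FORMAT csv);",
]


def join_continuations(lines):
    """Merge tab-indented continuation lines into the entry they belong to."""
    entry = None
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("\t") and entry is not None:
            entry += "\n" + line[1:]
            continue
        if entry is not None:
            yield entry
        entry = line
    if entry is not None:
        yield entry


def find_copy_program(lines):
    """Return one record per logged statement that runs a server-side program."""
    hits = []
    for entry in join_continuations(lines):
        m = ENTRY.match(entry)
        c = COPY_PROGRAM.search(m["sql"]) if m else None
        if c:
            hits.append({"ts": m["ts"], "user": m["user"], "db": m["db"],
                         "direction": c["dir"].upper(),
                         "argument": c["arg"].strip().rstrip(";")})
    return hits


if __name__ == "__main__":
    for hit in find_copy_program(SAMPLE_LOG):
        print(hit)
```

Statements that only mention a column named `program`, or that copy from a file or STDIN, are not reported; the multi-line statement is caught because its tab-indented continuation line is rejoined before matching.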
