Real 2025 Postgresql Cryptojacking Incident and AI-Assisted Recovery

Posted6d ago

levelZero

1 points

1 comments

substack.comNewsstory

informativeneutral

Debate

20/100

PostgresqlCryptojackingAI SecurityData Storage Security

Key topics

Postgresql

Cryptojacking

AI Security

Data Storage Security

Discussion Activity

Light discussion

First comment

N/A

Peak period

Start

Avg / period

Key moments

01Story posted
Dec 27, 2025 at 4:49 AM EST
6d ago
Step 01
02First comment
Dec 27, 2025 at 4:49 AM EST
0s after posting
Step 02
03Peak activity
1 comments in Start
Hottest window of the conversation
Step 03
04Latest activity
Dec 27, 2025 at 4:49 AM EST
6d ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (1 comments)

Showing 1 comments

levelZeroAuthor

6d ago

A dev laptop running Ubuntu 24.04 got hit by a classic PostgreSQL cryptojacking attack while on public Wi-Fi (port 5432 exposed, UFW temporarily off). Detection started with fan noise → btop tree view revealed 70-99% CPU under the postgres user. The recovery was fully scripted, transparent, and driven by a local coding agent (Codex-Max-5.2) turned into a paranoid remediation specialist via a custom AGENTS.md directive. Highlights:

Generated dozens of timestamped audit/cleanup scripts Captured rogue sshd binary → 24/64 detections on VT as Linux trojan/rootkit hider Ended with UFW timed rules, auditd watches, LAN-only services

Full play-by-play, verbatim scripts, and takeaways — no hype, just level zero truth.

https://open.substack.com/pub/layerzero0/p/surviving-a-2025-...

Would love feedback from anyone who's dealt with Postgres miners or AI-assisted IR.

View full discussion on Hacker News

ID: 46400548Type: storyLast synced: 12/27/2025, 9:50:21 AM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN