For each targeted IP address, the malware starts scanning for phpMyAdmin, MySQL, FTP, and Postgres services. After detecting an open port accepting connections, it will attempt to log in using ...