mem Malware with Runtime Security
ID: ac0f54de-52c8-5f32-bcf4-c2a0a3b75371
STIX ID: report--ac0f54de-52c8-5f32-bcf4-c2a0a3b75371
Feed Name: Aqua Security Blog
The Aqua blog warns that numerous internet-exposed PostgreSQL servers (an estimated 850,000–1.6 million) are being targeted by botnets and threat actors (e.g., Kinsing, PGMiner, PG_MEM) that exploit weak or default credentials to install malware such as the stealthy pg_mem, which mimics legitimate Postgres processes and uses persistence and evasion techniques. It recommends enabling behavioral detection and runtime enforcement in Aqua to detect and block such activity.
