Security News > 2022 > December > Unpatched Redis servers targeted in new Redigo malware attacks
A new Go-based malware threat that researchers call Redigo has been targeting Redis servers vulnerable to CVE-2022-0543 to plant a stealthy backdoor and allow command execution.
Today, AquaSec reports that its Redis honeypots vulnerable to CVE-2022-0543 caught a new piece of malware that is not detected as a threat by antivirus engines on Virus Total.
AquaSec says that Redigo attacks start with scans on port 6379 to locate Redis servers exposed on the open web.
The attackers simulate normal Redis communication over port 6379 to evade detection by network analysis tools while attempting to hide traffing from Redigo's command and control server.
AquaSec says it's likely that the ultimate goal of Redigo is to add the vulnerable server as a bot in a network for distributed denial-of-service attacks or to run cryptocurrency miners on the compromised systems.
Since Redis is a database, accessing the data to steal it would also be a plausible scenario in Redigo attacks.
News URL
Related news
- DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects (source)
- New OpenSSH flaws expose SSH servers to MiTM and DoS attacks (source)
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-18 | CVE-2022-0543 | Missing Authorization vulnerability in Redis It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | 10.0 |