Security News > 2022 > December > Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers

Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers
2022-12-02 11:09

A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network.

The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security firm Aqua.

The Redigo infection chain is similar in that the adversaries scan for exposed Redis servers on port 6379 to establish initial access, following it up by downloading a shared library "Exp lin.so" from a remote server.

This library file comes with an exploit for CVE-2022-0543 to execute a command in order to retrieve Redigo from the same server, in addition to taking steps to mask its activity by simulating legitimate Redis cluster communication over port 6379.

"The dropped malware mimics the Redis server communication which allowed the adversaries to hide communications between the targeted host and the C2 server," Aqua researcher Nitzan Yaakov explained.

It's not known what the end goal of the attacks are, but it's suspected that the compromised hosts could be co-opted into a botnet to facilitate DDoS attacks or used to steal sensitive information from the database server to further extend their reach.


News URL

http://thehackernews.com/2022/12/hackers-exploiting-redis-vulnerability.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-02-18 CVE-2022-0543 Missing Authorization vulnerability in Redis
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
network
low complexity
redis CWE-862
critical
10.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Redis 4 4 10 15 4 33