Security News > 2022 > December > Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers
A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network.
The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security firm Aqua.
The Redigo infection chain is similar in that the adversaries scan for exposed Redis servers on port 6379 to establish initial access, following it up by downloading a shared library "Exp lin.so" from a remote server.
This library file comes with an exploit for CVE-2022-0543 to execute a command in order to retrieve Redigo from the same server, in addition to taking steps to mask its activity by simulating legitimate Redis cluster communication over port 6379.
"The dropped malware mimics the Redis server communication which allowed the adversaries to hide communications between the targeted host and the C2 server," Aqua researcher Nitzan Yaakov explained.
It's not known what the end goal of the attacks are, but it's suspected that the compromised hosts could be co-opted into a botnet to facilitate DDoS attacks or used to steal sensitive information from the database server to further extend their reach.
News URL
http://thehackernews.com/2022/12/hackers-exploiting-redis-vulnerability.html
Related news
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- Perfctl malware strikes again as crypto-crooks target Docker Remote API servers (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-18 | CVE-2022-0543 | Missing Authorization vulnerability in Redis It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | 10.0 |