Security News > 2023 > February > HeadCrab bots pinch 1,000+ Redis servers to mine coins

A sneaky botnet dubbed HeadCrab that uses bespoke malware to mine for Monero has infected at least 1,200 Redis servers in the last 18 months.

"The victims seem to have little in common, but the attacker seems to mainly target Redis servers and has a deep understanding and expertise in Redis modules and APIs as demonstrated by the malware," Asaf Eitani and Nitzan Yaakov reported.

Open-source Redis database servers do not have authentication switched on by default, which is something the HeadCrab attackers use to their advantage.

If administrators don't enable authentication, or ensure the servers run on a secure, closed network as opposed to being exposed to the internet, the servers are vulnerable to unauthorized access and command execution.

Redis clusters use master and slave servers for data replication and synchronization, which HeadCrab also takes advantage of in its attacks.

While the security researchers don't know who is behind the attacks, the motivation for compromising Redis servers appears to be illicit cryptocurrency mining.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/02/04/headcrab_botnet_aqua/