New Migo malware disables protection features on Redis servers
2024-02-20 19:38

Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency.

Hackers are always looking for exposed and potentially vulnerable Redis servers to hijack resources, steal data, or use for other malicious purposes.

What is interesting about the new malware strain is the use of system-weakening commands that turn off Redis security features, allowing cryptojacking activities to continue for extended periods.

Upon compromising exposed Redis servers, the attackers disable critical security features so that the servers accept subsequent commands and replicas become writable.

Cado says they noticed the attackers disabling the following configuration options through the Redis CLI:

set protected-mode: disabling this allows external access to the Redis server, making it easier for an attacker to execute malicious commands remotely.
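A defensive check for the weakening described above, added here as an example and not taken from the article or from Cado: it compares the server's running values with redis.conf and reports protections that are off. It assumes `replica-read-only` is the directive behind "making replicas writable" (the article names only `protected-mode`); the function names and sample inputs are constructed for illustration.

```python
# Added example: report Redis protections that are off in the running server.
HARDENED = {"protected-mode": "yes", "replica-read-only": "yes"}  # Redis defaults
ALIAS = {"slave-read-only": "replica-read-only"}  # older name for the same option


def parse_conf(text):
    """Parse redis.conf text into {directive: value}; skips comments and blanks."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        name = parts[0].lower()
        conf[ALIAS.get(name, name)] = parts[1].strip().strip('"').lower()
    return conf


def parse_config_get(raw):
    """Parse non-interactive `redis-cli CONFIG GET <name>` output:
    one line with the option name, then one line with its value."""
    lines = [ln.strip().lower() for ln in raw.splitlines() if ln.strip()]
    return {ALIAS.get(k, k): v for k, v in zip(lines[0::2], lines[1::2])}


def audit(conf_text, runtime_raw):
    """Return (option, running value, note) for every protection not in force."""
    on_disk = {**HARDENED, **parse_conf(conf_text)}  # absent directive = default
    running = parse_config_get(runtime_raw)
    findings = []
    for opt, safe in HARDENED.items():
        live = running.get(opt)
        if live is None:
            findings.append((opt, "unknown", "not reported by server"))
        elif live != safe:
            # File still says "yes" but the server says "no": the value was
            # changed after startup, which is what a runtime CONFIG SET leaves.
            note = "differs from redis.conf" if on_disk[opt] == safe else "weak in redis.conf"
            findings.append((opt, live, note))
    return findings


# Constructed sample inputs (not from the article).
SAMPLE_CONF = "# constructed redis.conf\nbind 127.0.0.1\nprotected-mode yes\n"
SAMPLE_RUNTIME = "protected-mode\nno\nreplica-read-only\nno\n"

if __name__ == "__main__":
    for opt, live, note in audit(SAMPLE_CONF, SAMPLE_RUNTIME):
        print(f"{opt} = {live} ({note})")
```

A finding marked "differs from redis.conf" means the running value no longer matches the file on disk, so a review of the file alone would miss it.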

Migo's attack chain shows that the threat actor behind it has a strong understanding of the Redis environment and operations.


News URL

https://www.bleepingcomputer.com/news/security/new-migo-malware-disables-protection-features-on-redis-servers/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Redis 4 4 10 15 4 33