Security News > 2024 > February > New Migo malware disables protection features on Redis servers
Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency.
Hackers are always looking for exposed and potentially vulnerable Redis servers to hijack resources, steal data, and other malicious purposes.
What is interesting about the new malware strain is the use of system-weakening commands that turn off Redis security features, allowing cryptojacking activities to continue for extended periods.
Upon compromising exposed Redis servers, the attackers disable critical security features to allow receiving subsequent commands and making replicas writable.
Cado says they noticed the attackers disabling the following configuration options through the Redis CLI. set protected-mode: disabling this allows external access to the Redis server, making it easier for an attacker to execute malicious commands remotely.
Migo's attack chain shows that the threat actor behind it has a strong understanding of the Redis environment and operations.
News URL
Related news
- Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware (source)
- Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining (source)
- DinodasRAT malware targets Linux servers in espionage campaign (source)
- Researchers sinkhole PlugX malware server with 2.5 million unique IPs (source)