A previously unknown piece of malware is turning Redis servers into Monero miners and using them remotely to mine cryptocurrency. According to a report, the malware appears to have been active since 2021.

This was reported by a group of Aqua Nautilus security experts (via Bleeping Computer). The malware in question is called HeadCrab.

The people behind it have been targeting Redis servers for over two years. They look for vulnerable systems they can attack over the internet, then add those servers to their botnet, which they use to mine Monero on a massive scale.

Profits go to as yet unknown threat actors

According to Aqua Nautilus, more than a thousand servers have been infected since September 2021 to mine the cryptocurrency. At least 1200 such servers were identified by the security researchers.

Antivirus solutions stand no chance

“This advanced threat actor uses a cutting-edge, custom-made malware that is undetectable by traditional antivirus solutions to compromise large numbers of Redis servers,” the researchers explained in their blog post on the threat. “We not only discovered the HeadCrab malware, but also a unique method to detect its infections in Redis servers.”

Perfidious exploitation

The threat actors behind this botnet take advantage of the fact that Redis servers do not have authentication enabled by default, as they are designed to work within an organization’s network and should not be exposed to the internet.

If administrators don’t secure them and accidentally (or intentionally) configure them to be accessible from outside their local network, attackers can easily compromise them and hijack them with malicious tools or malware. A Redis spokesperson has commented on the security threat and issued a statement:

Statement

“Redis is very supportive of the cybersecurity research community and we would like to thank AquaSec for publishing this report for the benefit of the Redis community. Their report highlights the potential dangers of misconfiguring Redis.

We encourage all Redis users to follow the security guidelines and best practices published in our open source and commercial documentation. We also offer a free security course as part of Redis University, covering both our open source and commercial offerings. There is no indication that Redis Enterprise Software or Redis Cloud Services have been affected by these attacks.”
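The misconfiguration described above (no authentication on a server reachable from outside the local network) can be checked for in a `redis.conf` before it is deployed. The following is an added example, not code from Aqua Nautilus or Redis; the function names and both sample configurations are constructed, and it assumes only the `bind`, `protected-mode` and `requirepass` directives matter (ACL files are not inspected).

```python
import ipaddress
import shlex

# Constructed sample configs (not taken from any real server).
WEAK = """
bind 0.0.0.0
protected-mode no
"""
HARDENED = """
bind 127.0.0.1 -::1
protected-mode yes
requirepass "constructed-placeholder-secret"
"""

def parse_conf(text):
    """Map each directive (lower-cased) to its arguments; last line wins."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)          # handles quoted arguments
        conf[parts[0].lower()] = parts[1:]
    return conf

def is_loopback(addr):
    addr = addr.lstrip("-")                # Redis 7 accepts a '-' prefix in bind
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                       # wildcards such as '*' are not loopback

def audit(text):
    """Return the list of risky settings found in a redis.conf text."""
    conf = parse_conf(text)
    findings = []
    if not "".join(conf.get("requirepass", [])):
        findings.append("no-auth")             # Redis default: no password
    bind = conf.get("bind")
    if not bind or not all(is_loopback(a) for a in bind):
        findings.append("non-loopback-bind")   # no bind line means all interfaces
    if (conf.get("protected-mode") or ["yes"])[0].lower() == "no":
        findings.append("protected-mode-off")  # default is 'yes'
    return findings

def open_to_remote_clients(text):
    """True when all three conditions for unauthenticated remote access hold."""
    return len(audit(text)) == 3
```

A `no-auth` finding is worth fixing on its own: without a password, the server depends entirely on network placement to keep outside clients away.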


Summary

  • Unknown malware turns Redis servers into Monero miners.
  • More than a thousand server infections detected since 2021.
  • HeadCrab malware is not detected by traditional antivirus solutions.
  • Redis servers are unauthenticated by default.
  • Admins need to harden Redis to ward off attacks.
  • Redis supports cybersecurity research community.


California18
