This was reported by security researchers at Aqua Nautilus (via Bleeping Computer). The malware in question is called HeadCrab.
The people behind it have been targeting Redis servers for over two years. They find vulnerable systems to attack over the internet and then add the servers to their botnet, which they use to generate Monero on a massive scale.
Profits go to as yet unknown threat actors
According to Aqua Nautilus, more than a thousand servers have been infected since September 2021 to mine the cryptocurrency. The security researchers identified at least 1200 such servers.
Antivirus solutions stand no chance
“This advanced threat actor uses a cutting-edge, custom-made malware that is undetectable by traditional antivirus solutions to compromise large numbers of Redis servers,” the researchers explained in their blog post on the threat. “We not only discovered the HeadCrab malware, but also a unique method to detect its infections in Redis servers.”
Perfidious exploitation
The threat actors behind this botnet take advantage of the fact that Redis servers do not have authentication enabled by default, as they are designed to work within an organization’s network and should not be exposed to the internet.
If administrators do not secure them and accidentally (or intentionally) configure them to be reachable from outside their local network, attackers can easily compromise them and hijack them with malicious tools or malware. A Redis spokesperson commented on the threat and issued the following statement:
“Redis is very supportive of the cybersecurity research community and we would like to thank AquaSec for publishing this report for the benefit of the Redis community. Their report highlights the potential dangers of misconfiguring Redis.
We encourage all Redis users to follow the security guidelines and best practices published in our open source and commercial documentation. We also offer a free security course as part of Redis University, covering both our open source and commercial offerings. There is no indication that Redis Enterprise Software or Redis Cloud Services have been affected by these attacks.”
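To make the misconfiguration described above concrete, here is an added example (not from the article, Aqua Nautilus or Redis) that parses a redis.conf and flags the settings that leave an instance open to unauthenticated clients; both configuration samples are constructed for illustration.

```python
import re

# Constructed sample: a redis.conf exposed the way the article describes
# (no password, listening on every interface, protected mode switched off).
WEAK_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
# requirepass deliberately left unset
"""

# Constructed sample: the same file after hardening.
HARDENED_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass CHANGE-ME-to-a-long-random-secret
"""

WILDCARD_BINDS = {"0.0.0.0", "*", "::", "-::*"}


def parse_conf(text):
    """Return {directive: [[values...], ...]} for active (uncommented) lines."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, *values = line.split()
        conf.setdefault(key.lower(), []).append(values)
    return conf


def audit_redis_conf(text):
    """Return a list of findings that describe exposure to unauthenticated access."""
    conf = parse_conf(text)
    findings = []
    # Redis ships without a password: an unset or empty requirepass means anyone
    # who can reach the port gets full control of the instance.
    passwords = [v[0].strip("\"'") for v in conf.get("requirepass", []) if v]
    if not any(passwords):
        findings.append("no requirepass: instance accepts unauthenticated clients")
    # Without a bind directive Redis listens on all interfaces.
    binds = conf.get("bind")
    if binds is None:
        findings.append("no bind directive: Redis listens on all interfaces")
    elif any(addr in WILDCARD_BINDS for entry in binds for addr in entry):
        findings.append("bind to wildcard address: reachable from outside the host")
    # protected-mode is the last safeguard when neither bind nor a password is set.
    if any(v and v[0].lower() == "no" for v in conf.get("protected-mode", [])):
        findings.append("protected-mode no: default exposure safeguard disabled")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_redis_conf(conf) or ["no findings"])
```

Run it against a real redis.conf by reading the file into `audit_redis_conf`; an empty list means none of the three exposure conditions is present.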
- Unknown malware turns Redis servers into Monero miners
- More than a thousand server infections detected since 2021
- HeadCrab malware is not detected by traditional antivirus solutions.
- Redis servers are unauthenticated by default.
- Admins need to harden Redis to ward off attacks.
- Redis supports cybersecurity research community.