
New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers

February 2, 2023

At least 1,200 Redis database servers worldwide have been corralled into a botnet by an "elusive and severe threat" dubbed HeadCrab since early September 2021.

"This advanced threat actor utilizes state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers," Aqua security researcher Asaf Eitani said in a Wednesday report.

A significant concentration of infections has been recorded in China, Malaysia, India, Germany, the U.K., and the U.S. to date. The origins of the threat actor are currently unknown.


The findings come two months after the cloud security firm shed light on a Go-based malware codenamed Redigo that had been found compromising Redis servers.

The attack targets Redis servers that are exposed to the internet: the adversary connects to the unauthenticated instance and issues a SLAVEOF command that points it at another Redis server already under the adversary's control.


In doing so, the rogue "master" server initiates a replication synchronization with the newly hijacked server, which downloads the malicious payload containing the HeadCrab malware as part of the sync.

"The attacker seems to primarily target Redis servers and has a deep understanding and expertise in Redis modules and APIs as demonstrated by the malware," Eitani noted.


While the ultimate goal of the memory-resident malware is to hijack system resources for cryptocurrency mining, it also carries several other features that allow the threat actor to execute shell commands, load fileless kernel modules, and exfiltrate data to a remote server.

What's more, a follow-on investigation of the Redigo malware has revealed that it weaponizes the same master-slave replication technique for propagation, rather than the Lua sandbox escape flaw (CVE-2022-0543) as previously disclosed.

Users are advised to refrain from exposing Redis servers directly to the internet, to disable the "SLAVEOF" feature in their environments if it is not in use, and to configure the servers to only accept connections from trusted hosts. Note that since Redis 5 SLAVEOF is an alias of REPLICAOF, so both command names have to be disabled (for example with rename-command) for the second measure to take effect, and that a server left in protected-mode no with no requirepass or ACL will accept SLAVEOF from any client that can reach the port.
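As an added example covering both the SLAVEOF-based takeover described above and the three mitigations just listed, the following Python script audits a redis.conf and the text returned by INFO replication and reports anything that would let an attacker-controlled master push a payload to the server, or that shows such a sync is already in place. This is example code written for this article, not code from Aqua, from the HeadCrab report, or from the Redis project; TRUSTED_MASTERS and all sample inputs are assumptions constructed for the demonstration.

```python
"""Audit a Redis deployment against the SLAVEOF hardening advice above.

Added example, not from the article or from Aqua.  Inputs are the redis.conf
text and the output of `INFO replication`; all samples here are constructed.
"""

# Hosts allowed to act as this server's replication master.
# Assumption for the example; take this from your deployment inventory.
TRUSTED_MASTERS = {"10.0.0.5"}

WILDCARD_BINDS = {"0.0.0.0", "*", "::"}


def parse_conf(text):
    """Parse redis.conf directives.

    Returns (directives, renamed): directives maps a lower-cased directive name
    to its argument list (last occurrence wins, as Redis does); renamed maps an
    upper-cased command name to its new name ("" means the command is disabled).
    """
    directives, renamed = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        name = parts[0].lower()
        if name == "rename-command" and len(parts) >= 3:
            renamed[parts[1].upper()] = parts[2].strip('"')
        else:
            directives[name] = [p.strip('"') for p in parts[1:]]
    return directives, renamed


def parse_info(text):
    """Parse the key:value lines of an INFO section into a dict."""
    info = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            info[key] = value
    return info


def audit_conf(directives, renamed):
    """Findings for the three mitigations: exposure, authentication, SLAVEOF."""
    findings = []
    bind = directives.get("bind", [])
    # No bind line means "listen on every interface", same as a wildcard.
    if not bind or any(b in WILDCARD_BINDS for b in bind):
        findings.append("bind: listens on all interfaces; bind to trusted addresses only")
    if (directives.get("protected-mode") or ["yes"])[0].lower() != "yes":
        findings.append("protected-mode no: unauthenticated remote clients accepted")
    if not "".join(directives.get("requirepass", [])):
        findings.append("requirepass unset: any client reaching the port can issue SLAVEOF")
    # Since Redis 5, SLAVEOF is an alias of REPLICAOF; disabling only one of
    # them leaves the other reachable.  (Redis < 5 has only SLAVEOF.)
    for cmd in ("SLAVEOF", "REPLICAOF"):
        if renamed.get(cmd) != "":
            findings.append(f'{cmd} still reachable: add rename-command {cmd} ""')
    return findings


def audit_replication(info, trusted=TRUSTED_MASTERS):
    """Finding if this server is already syncing from a master we do not know."""
    if info.get("role") == "slave" and info.get("master_host") not in trusted:
        return [f"replicating from untrusted master "
                f"{info.get('master_host')}:{info.get('master_port')}"]
    return []


def audit(conf_text, info_text):
    directives, renamed = parse_conf(conf_text)
    return audit_conf(directives, renamed) + audit_replication(parse_info(info_text))


# Constructed samples: an internet-exposed default-style server that has
# already been pointed at a foreign master, and a hardened one.
WEAK_CONF = """
bind 0.0.0.0
protected-mode no
port 6379
"""
COMPROMISED_INFO = """# Replication
role:slave
master_host:203.0.113.7
master_port:6379
master_link_status:up
"""
HARDENED_CONF = """
bind 127.0.0.1 10.0.0.12
protected-mode yes
requirepass example-only-change-me
rename-command SLAVEOF ""
rename-command REPLICAOF ""
"""
HEALTHY_INFO = """# Replication
role:master
connected_slaves:0
"""

if __name__ == "__main__":
    for label, conf, info in (("weak", WEAK_CONF, COMPROMISED_INFO),
                              ("hardened", HARDENED_CONF, HEALTHY_INFO)):
        print(label, audit(conf, info) or ["no findings"])
```

The replication check is the part worth running on a schedule: a server whose role flips to slave with a master_host outside the inventory is exactly the state the SLAVEOF takeover leaves behind, and it is visible from INFO even when the payload itself lives only in memory. Given the report's emphasis on the actor's use of Redis modules, treating the MODULE command the same way as SLAVEOF in rename-command is a natural extension, though that goes beyond what the article itself recommends.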

Eitani said, "HeadCrab will persist in using cutting-edge techniques to penetrate servers, possibly by exploiting misconfigurations or vulnerabilities."



Some parts of this write-up are sourced from:
thehackernews.com




Copyright © TheCyberSecurity.News, All Rights Reserved.