Over a thousand Redis servers hijacked to mine crypto


More than a thousand Redis servers were infected by custom-built malware called HeadCrab, researchers have reported. 

The malware made the endpoints mine Monero, a privacy-oriented cryptocurrency, and a hacker favorite. 

Cybersecurity researchers from Aqua Security’s Nautilus discovered a botnet spanning 1,200 Redis servers, which were infected in the last year and a half. The servers were located in the US, the UK, Germany, India, Malaysia, China, and other countries and, besides being Redis servers, have no other links.

Authentication off by default

"The victims seem to have little in common, but the attacker seems to mainly target Redis servers and has a deep understanding and expertise in Redis modules and APIs as demonstrated by the malware," researchers Asaf Eitani and Nitzan Yaakov said.

As it turns out, open-source Redis database servers have authentication off by default, allowing threat actors to access them and execute code remotely, without needing to authenticate as a user. Apparently, many Redis users forgot to switch the authentication feature on, exposing their endpoints to attackers. 

What’s more, Redis clusters use master and slave servers for data replication and synchronization, allowing the attackers to use the default SLAVEOF command and set the target endpoint as a slave to a Redis server they already control. That allows them to deploy the HeadCrab malware. 
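The two conditions described above (no authentication, and replication commands that anyone can call) can be checked from the defender's side. The following is an added example, not code from the article or from the researchers: it audits redis.conf text and `INFO replication` output. It assumes a standalone server that is not meant to replicate, ignores ACL users, and uses constructed sample data and hypothetical function names.

```python
import shlex

REPL_CMDS = {"SLAVEOF", "REPLICAOF"}  # REPLICAOF is the Redis 5+ name for SLAVEOF

# Constructed samples, not taken from any real host.
WEAK_CONF = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED_CONF = (
    "bind 127.0.0.1\n"
    'requirepass "constructed-example-secret"\n'
    'rename-command SLAVEOF ""\n'
    'rename-command REPLICAOF ""\n'
)
SAMPLE_INFO = "# Replication\r\nrole:slave\r\nmaster_host:203.0.113.7\r\nmaster_port:6379\r\n"

def parse_conf(text):
    """Return [(directive, [args])] for each non-comment line of redis.conf."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = shlex.split(line)  # handles quoted values such as ""
            out.append((parts[0].lower(), parts[1:]))
    return out

def audit_conf(text, allowed_masters=()):
    """Flag missing auth, callable replication commands, unknown masters."""
    conf = parse_conf(text)
    findings = []
    # An absent or empty requirepass means clients are never asked to authenticate.
    if not any(a[0] for d, a in conf if d == "requirepass" and a):
        findings.append("no-auth")
    renamed = {a[0].upper() for d, a in conf if d == "rename-command" and len(a) == 2}
    findings += [f"{c.lower()}-callable" for c in sorted(REPL_CMDS - renamed)]
    # A persisted replicaof/slaveof line pointing at an unknown host is a red flag.
    for d, a in conf:
        if d in ("slaveof", "replicaof") and a and a[0] not in allowed_masters:
            findings.append(f"unexpected-master:{a[0]}")
    return findings

def audit_replication_info(info_text, allowed_masters=()):
    """Flag a live server that has become a replica of an unknown master."""
    fields = {}
    for line in info_text.splitlines():
        if ":" in line and not line.startswith("#"):
            key, value = line.strip().split(":", 1)
            fields[key] = value
    if fields.get("role") == "slave" and fields.get("master_host") not in allowed_masters:
        return [f"unexpected-master:{fields.get('master_host')}"]
    return []
```

On servers that legitimately replicate, pass the known master addresses as allowed_masters and expect the "-callable" findings, since renaming those commands away would break replication setup.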

The researchers don’t know who is behind the campaign but, looking at the attackers’ cryptocurrency wallets, deduced that they bring in about $4,500 per infected device per year.

"We have noticed that the attacker has gone to great lengths to ensure the stealth of their attack," the researchers added.

Monero is arguably the most popular cryptocurrency among hackers engaging in cryptojacking. Over the years there have been countless reports of criminals deploying XMRig, a popular Monero miner, to servers and data centers around the world, racking up huge electricity bills for the victims, all the while rendering their servers practically useless.

Via: The Register



from TechRadar - All the latest technology news https://ift.tt/DxoWOpk