Vulnerable Redis Servers Targeted for Cryptojacking
Redis servers have been subjected to attacks.
Internet-exposed Redis servers have been subjected to attacks deploying the XMRig cryptocurrency mining malware.
As part of the new RedisRaider Linux cryptojacking campaign, attacks commence with the scanning of Redis servers running on Linux and the subsequent exploitation of Redis's SET command for a cron job injection, according to a report from Datadog Security Labs.
This is then followed by the modification of the Redis working directory and the installation of the RedisRaider binary. Aside from deploying a custom XMRig version and spreading malware across other Redis instances, RedisRaider also features a web-based Monero miner for additional revenue generation, said researchers.
They also discovered the campaign's integration of short-key time-to-live settings and modified database configurations for concealing malicious activity.
Upcoming Events
Related content
Cyber incident involving rerouted payment drains Zephyr of £700K
Hijacked NHS Scotland domains push adult content
UK cybercrime significantly outpaces police staffing growth
Fraud losses top £629M as UK ramps up enforcement
Youth cybercrime radicalization driven by online platforms, NCA leader says
Global cybercrime clampdown disrupts over 45K illicit IP addresses
Report: UK cyberattacks grow faster than global rate
Confirm cancellation
An error occurred trying to play the stream. Please reload the page and try again.
CloseSign up benefits
Registering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.
- Weekly newsletters featuring industry-leading insight
- Access to free cyber expert webinars and videos
- Privileged viewership of special reports, such as the Annual Cyber Salary Survey and Women of Influence