Datadog Security Labs has reported a new cryptojacking campaign dubbed RedisRaider, which targets publicly accessible Redis servers. The campaign uses a scanner to identify vulnerable systems across the IPv4 space and abuses legitimate Redis commands to write malicious cron jobs onto them. The cron job payload drops a tailored build of the XMRig miner, so compromised hosts both mine Monero cryptocurrency for the attackers and propagate the malware to additional servers. Anti-forensics measures are employed to evade detection and thwart analysis of the attack.
In addition to server-side cryptojacking, RedisRaider's infrastructure also hosted a web-based Monero miner, enabling a multi-pronged revenue generation strategy.
RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems.
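The abuse described above (legitimate configuration commands pointing Redis's dump file at a cron directory) leaves a recognisable footprint in Redis command telemetry and in an instance's configuration. The following Python is an added example written for this summary, not Datadog's tooling or anything from the report: it flags the `CONFIG SET dir`/`dbfilename` followed by `SAVE`/`BGSAVE` sequence in MONITOR-style output, and audits a `redis.conf` for the exposure settings that make an instance reachable and writable by such a scanner. All log lines, client addresses and config fragments are constructed for the example.

```python
"""Detection and hardening checks for RedisRaider-style cron abuse.

Added example with constructed data; not the campaign report's own code.
"""
import re
from typing import Dict, List, Optional

# Directories a Redis process should never be asked to write its dump file into.
CRON_DIRS = ("/var/spool/cron", "/etc/cron.d", "/etc/cron.hourly", "/etc/cron.daily")

# MONITOR output: '<unix ts> [<db> <client addr>] "CMD" "arg" ...'
_LINE_RE = re.compile(r'^(\d+\.\d+) \[(\d+) ([^\]]+)\] (.*)$')
_ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')  # quoted args, with backslash escapes


def parse_monitor_line(line: str) -> Optional[Dict]:
    """Split one MONITOR line into timestamp, client address and argument list."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    ts, _db, client, rest = m.groups()
    return {"ts": float(ts), "client": client, "args": _ARG_RE.findall(rest)}


def detect_cron_write(lines: List[str]) -> List[Dict]:
    """Alert when a client redirects the RDB dump into a cron directory and then saves.

    State is tracked per client so that a benign CONFIG SET by one connection does
    not get blamed on another connection's SAVE.
    """
    state: Dict[str, Dict[str, str]] = {}
    alerts: List[Dict] = []
    for line in lines:
        ev = parse_monitor_line(line)
        if not ev or not ev["args"]:
            continue
        client, args = ev["client"], ev["args"]
        cmd = args[0].upper()
        if cmd == "CONFIG" and len(args) >= 4 and args[1].upper() == "SET":
            state.setdefault(client, {})[args[2].lower()] = args[3]
        elif cmd in ("SAVE", "BGSAVE"):
            st = state.get(client, {})
            d = st.get("dir", "").rstrip("/")
            if any(d == c or d.startswith(c + "/") for c in CRON_DIRS):
                alerts.append({
                    "ts": ev["ts"],
                    "client": client,
                    "path": d + "/" + st.get("dbfilename", "dump.rdb"),
                    "reason": "RDB dump written into cron directory",
                })
    return alerts


def audit_redis_conf(conf: str) -> List[str]:
    """Return exposure findings for a redis.conf text (empty list means no finding)."""
    settings: Dict[str, List[str]] = {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key.lower(), []).append(value.strip())

    findings: List[str] = []
    if "requirepass" not in settings and "user" not in settings:
        findings.append("no authentication configured (requirepass or ACL users)")
    if settings.get("protected-mode", ["yes"])[0].lower() == "no":
        findings.append("protected-mode disabled")
    binds = settings.get("bind", [])
    if not binds:
        findings.append("no bind directive: listens on all interfaces")
    elif any("0.0.0.0" in b or "*" in b.split() for b in binds):
        findings.append("bound to all interfaces")
    # CONFIG is restricted either by the legacy rename-command or by an ACL rule.
    renamed = any(v.upper().startswith("CONFIG") for v in settings.get("rename-command", []))
    acl_blocked = any("-config" in u.lower() or "-@dangerous" in u.lower()
                      for u in settings.get("user", []))
    if not (renamed or acl_blocked):
        findings.append("CONFIG command reachable by clients (not renamed or ACL-restricted)")
    return findings


# Constructed MONITOR excerpt: one scanner connection plus one benign client.
MONITOR_SAMPLE = """\
1715000000.100000 [0 203.0.113.10:51234] "INFO"
1715000000.200000 [0 203.0.113.10:51234] "CONFIG" "SET" "dir" "/var/spool/cron"
1715000000.300000 [0 203.0.113.10:51234] "CONFIG" "SET" "dbfilename" "root"
1715000000.400000 [0 203.0.113.10:51234] "SET" "x" "\\n*/1 * * * * CONSTRUCTED_PLACEHOLDER"
1715000000.500000 [0 203.0.113.10:51234] "SAVE"
1715000000.600000 [0 10.0.0.7:40000] "GET" "session:42"
"""

# Constructed config fragments: an exposed instance and a hardened one.
WEAK_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
"""
HARDENED_CONF = """\
bind 127.0.0.1
protected-mode yes
requirepass CHANGE_ME_PLACEHOLDER
rename-command CONFIG ""
"""

if __name__ == "__main__":
    for alert in detect_cron_write(MONITOR_SAMPLE.splitlines()):
        print("ALERT", alert)
    print("weak conf findings:", audit_redis_conf(WEAK_CONF))
    print("hardened conf findings:", audit_redis_conf(HARDENED_CONF))
```

The detector keys its state on the client address because the dangerous part is the sequence, not any single command: `CONFIG SET dir` is legitimate on its own. In production the same logic would run over a MONITOR stream or over command logs from a Redis proxy, and the audit function is the kind of check to run against every instance that a scanner of the whole IPv4 space could reach.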