
"In addition to server-side cryptojacking, RedisRaider's infrastructure also hosted a web-based Monero miner, enabling a multi-pronged revenue generation strategy."
"RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems."
Datadog Security Labs has reported a new cryptojacking campaign dubbed RedisRaider, which targets publicly accessible Redis servers. The campaign utilizes a scanner to identify vulnerable systems within the IPv4 space, leveraging legitimate Redis commands to deploy malicious cron jobs. By setting up a payload that drops a tailored version of the XMRig miner, the attackers can not only mine Monero currency but also propagate the malware to additional servers. Anti-forensics measures are employed to evade detection and thwart analysis of the attack.
Read at The Hacker News
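
A defensive check for the exposure described in the summary, added here as an example and not taken from Datadog's report or The Hacker News article: it audits `redis.conf` text for settings that leave an instance reachable from the network and let any client issue configuration commands. The finding names and both sample configs are constructed, and the check assumes `rename-command` is the control in use (Redis 6+ ACL rules are not inspected).

```python
import ipaddress
import shlex

# Constructed sample configs (not from the article).
WEAK = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED = (
    "bind 127.0.0.1 -::1\nprotected-mode yes\n"
    'requirepass "placeholder-secret"\nrename-command CONFIG ""\n'
)

def parse_conf(text):
    """Parse redis.conf text into {directive: [argument lists]}."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = shlex.split(line)
        conf.setdefault(name.lower(), []).append(args)
    return conf

def is_loopback(addr):
    addr = addr.lstrip("-")  # Redis 6.2+ allows a "-" prefix on bind addresses
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "*" or a hostname: treat as network-reachable

def audit(text):
    """Return a sorted list of finding ids for one redis.conf."""
    conf = parse_conf(text)
    findings = set()
    binds = [a for args in conf.get("bind", []) for a in args]
    if not binds or not all(is_loopback(a) for a in binds):
        findings.add("non-loopback-bind")  # no bind line means all interfaces
    mode = conf.get("protected-mode", [["yes"]])[-1]
    if mode and mode[0].lower() == "no":
        findings.add("protected-mode-off")
    password = conf.get("requirepass", [[""]])[-1]
    if not password or not password[0]:
        findings.add("no-requirepass")
    renamed = {a[0].upper() for a in conf.get("rename-command", []) if a}
    if "CONFIG" not in renamed:
        findings.add("config-command-available")
    return sorted(findings)

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(text))
```
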