Redis servers attacked by Redigo malware
By MYBRANDBOOK
A new Go-based malware threat called Redigo has been targeting Redis servers affected by the CVE-2022-0543 vulnerability to plant a stealthy backdoor and allow command execution. Attackers continued to leverage the flaw on unpatched machines several months after the fix came out in February this year, as proof-of-concept exploit code became publicly available.
CVE-2022-0543 is a Lua sandbox escape flaw that impacts Debian and Debian-derived Linux distributions. The vulnerability, which was rated 10 out of 10 for severity, could be exploited by a remote attacker with the ability to execute arbitrary Lua scripts to possibly escape the Lua sandbox and execute arbitrary code on the underlying machine. Juniper Threat Labs researchers reported that the Muhstik botnet has been observed targeting Redis servers by exploiting the CVE-2022-0543 vulnerability.
According to an Aquasec report, attacks with Redigo begin with scans of port 6379 to discover exposed Redis instances. These are followed by several commands that verify the instance's vulnerability, create a copy of the attacking server, configure the connection, initiate the replication stream, and download a module from the downloaded dynamic library.
The backdoor uses its command execution capabilities to collect host hardware information before Redigo is downloaded and executed. What Redigo does after gaining its initial foothold remains uncertain because of attack duration limits in Aquasec's honeypots, but Aquasec researchers suspect that the malware may add vulnerable servers as bots for distributed denial-of-service and cryptocurrency mining attacks.
AquaSec researchers believe that threat actors are using the Redigo malware to infect Redis servers and add them to a botnet used to launch distributed denial-of-service (DDoS) attacks, run cryptocurrency miners, or steal data from the servers.
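For defenders, the command sequence described above can be hunted for in captured Redis `MONITOR` output. The following is an added example, not code from the Aquasec report or from this article; it assumes the replication and module steps surface as the standard Redis commands `SLAVEOF`/`REPLICAOF` and `MODULE LOAD`, and the five-minute window and all sample lines are constructed for illustration.

```python
import re

# Redis MONITOR line: <epoch> [<db> <client ip:port>] "<arg>" "<arg>" ...
LINE_RE = re.compile(r'^(\d+\.\d+) \[(\d+) (\S+)\] (.*)$')
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')
WINDOW_SECONDS = 300  # assumption: both stages land within five minutes

def parse_monitor_line(line):
    """Return (timestamp, client_ip, args) or None if the line is not a command."""
    m = LINE_RE.match(line.strip())
    args = ARG_RE.findall(m.group(4)) if m else []
    if not args:
        return None
    return float(m.group(1)), m.group(3).rsplit(":", 1)[0], args

def classify(args):
    """Name the stage a command may belong to, or None."""
    upper = [a.upper() for a in args[:3]]
    if upper[0] in ("SLAVEOF", "REPLICAOF"):
        # "SLAVEOF NO ONE" detaches from a master; it is not a redirect.
        return None if upper[1:3] == ["NO", "ONE"] else "replication_redirect"
    if upper[:2] == ["MODULE", "LOAD"]:
        return "module_load"
    return None

def find_suspect_clients(lines):
    """Flag IPs whose MODULE LOAD follows a replication redirect in the window."""
    redirects, hits = {}, {}
    for line in lines:
        parsed = parse_monitor_line(line)
        if parsed is None:
            continue
        ts, ip, args = parsed
        stage = classify(args)
        if stage == "replication_redirect":
            redirects[ip] = (ts, stage, args)
        elif stage == "module_load" and ip in redirects:
            if ts - redirects[ip][0] <= WINDOW_SECONDS:
                hits.setdefault(ip, [redirects[ip]]).append((ts, stage, args))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder module paths).
SAMPLE = [
    '1670000000.100000 [0 203.0.113.7:50112] "INFO" "server"',
    '1670000001.200000 [0 203.0.113.7:50112] "SLAVEOF" "203.0.113.7" "8080"',
    '1670000003.500000 [0 203.0.113.7:50114] "MODULE" "LOAD" "/tmp/placeholder.so"',
    '1670000004.000000 [0 198.51.100.9:40000] "SLAVEOF" "NO" "ONE"',
    '1670000005.000000 [0 198.51.100.9:40000] "MODULE" "LOAD" "/opt/placeholder.so"',
]
```

Calling `find_suspect_clients(SAMPLE)` flags only `203.0.113.7`; the second client is ignored because `SLAVEOF NO ONE` does not point the server at a new master.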