Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers


Dec 02, 2022 | Ravie Lakshmanan | Database Security / Cyber Threat


A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network.

The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security firm Aqua.

Tracked as CVE-2022-0543 (CVSS score: 10.0), the weakness relates to a case of sandbox escape in the Lua scripting engine that could be leveraged to gain remote code execution.


This isn't the first time the flaw has come under active exploitation: Juniper Threat Labs uncovered attacks perpetrated by the Muhstik botnet in March 2022 that abused it to execute arbitrary commands.

The Redigo infection chain is similar in that the adversaries scan for exposed Redis servers on port 6379 to establish initial access, following it up by downloading a shared library, "exp_lin.so", from a remote server.


This library file comes with an exploit for CVE-2022-0543 that executes a command to retrieve Redigo from the same server, in addition to taking steps to mask its activity by simulating legitimate Redis cluster communication over port 6379.
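The infection chain above starts with an unauthenticated Redis instance reachable on port 6379, so the cheapest defensive check is to audit the server's configuration before a scanner finds it. The following script is an added example, not code from the article or from Aqua: it parses a redis.conf in the stock directive format and flags the settings that leave an instance exposed (listening on all interfaces, protected mode off, no password, Lua scripting still reachable via EVAL/EVALSHA). The two configs embedded below are constructed for illustration; the finding codes and the `audit_redis_conf` function name are this example's own.

```python
"""Audit a redis.conf for settings that expose an instance to opportunistic
scanning and unauthenticated Lua script execution.

Added example: the parser, finding codes and sample configs are constructed
for illustration and are not part of the original article or Aqua's research.
"""

# bind values that mean "every interface"
WILDCARD_BINDS = {"0.0.0.0", "*", "::"}


def parse_redis_conf(text):
    """Parse redis.conf text into {directive: [value, ...]} (directives may repeat)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, []).append(value)
    return conf


def audit_redis_conf(text):
    """Return a list of (code, message) findings; an empty list means no issue found."""
    conf = parse_redis_conf(text)
    findings = []
    port = conf.get("port", ["6379"])[-1]

    # 1. No bind restriction, or a wildcard bind: the port is reachable from anywhere.
    #    Redis 7 allows a leading '-' on an address (optional bind), so strip it.
    bind_tokens = [tok.lstrip("-") for b in conf.get("bind", []) for tok in b.split()]
    if not bind_tokens or any(tok in WILDCARD_BINDS for tok in bind_tokens):
        findings.append(("BIND_ALL_INTERFACES",
                         f"instance listens on every interface (port {port})"))

    # 2. protected-mode defaults to yes; an explicit 'no' removes the last safety net
    #    for an instance that has no bind and no password.
    if conf.get("protected-mode", ["yes"])[-1].lower() == "no":
        findings.append(("PROTECTED_MODE_OFF", "protected-mode is disabled"))

    # 3. No requirepass: any client that can reach the port can run commands.
    password = conf.get("requirepass", [""])[-1].strip('"')
    if not password:
        findings.append(("NO_AUTH", "requirepass is not set"))

    # 4. EVAL/EVALSHA neither renamed nor disabled: Lua scripting is reachable by
    #    every authenticated (or, with the findings above, every) client.
    renamed = {r.split()[0].upper() for r in conf.get("rename-command", []) if r.split()}
    if not {"EVAL", "EVALSHA"} <= renamed:
        findings.append(("LUA_SCRIPTING_EXPOSED",
                         "EVAL/EVALSHA are not renamed or disabled via rename-command"))
    return findings


# Constructed sample: a typical exposed instance.
WEAK_CONF = """
# constructed example of a weak configuration
port 6379
bind 0.0.0.0
protected-mode no
# requirepass deliberately absent
"""

# Constructed sample: the same instance hardened.
HARDENED_CONF = """
# constructed example of a hardened configuration
port 6379
bind 127.0.0.1 -::1
protected-mode yes
requirepass "replace-with-a-long-random-secret"
rename-command EVAL ""
rename-command EVALSHA ""
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"[{name}]")
        for code, msg in audit_redis_conf(text) or [("OK", "no findings")]:
            print(f"  {code}: {msg}")
```

Renaming EVAL/EVALSHA is a stopgap for hosts that cannot take the vendor patch immediately; the fix for CVE-2022-0543 itself is updating the affected Redis package, and the bind/password checks are what keep the port-6379 scanning stage from succeeding at all.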

"The dropped malware mimics the Redis server communication which allowed the adversaries to hide communications between the targeted host and the C2 server," Aqua researcher Nitzan Yaakov explained.

It is not known what the end goal of the attacks is, but it's suspected that the compromised hosts could be co-opted into a botnet to facilitate DDoS attacks or used to steal sensitive information from the database server to further extend their reach.



Source: https://thehackernews.com/2022/12/hackers-exploiting-redis-vulnerability.html
