At least 1,200 Redis servers have been compromised by HeadCrab, a sophisticated piece of malware, according to Aqua Security.
Redis is built to run inside trusted networks and ships without authentication, so an instance exposed to the internet can be accessed by anyone who can reach its port. Redis servers can also be configured in clusters, which lets data be divided and stored across several servers. Replication and synchronization within that structure rely on a master server and slave servers, and a server is designated as a slave with the SLAVEOF command.
In an observed HeadCrab infection, the attacker issued this command to add victim servers as slaves of a Redis instance under their control. The malicious module was then synchronized from that master to the victim and loaded, deploying the malware.
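A defender-side check for the exposure described above, added here as an illustrative example (it is not code from Aqua Security or the Redis project): it parses a redis.conf and flags the settings that would let an unauthenticated remote client issue SLAVEOF and have a module loaded. The two sample configurations are constructed for this example; the directive names (requirepass, bind, protected-mode, rename-command, enable-module-command, loadmodule, replicaof/slaveof) are real redis.conf keywords, and the severities are this example's own judgement.

```python
from __future__ import annotations
from dataclasses import dataclass

# Commands worth disabling (via rename-command) on an instance that is not
# meant to be reconfigured by clients: the replication and module-loading
# path used by HeadCrab runs through SLAVEOF/REPLICAOF and MODULE LOAD.
SENSITIVE_COMMANDS = ("SLAVEOF", "REPLICAOF", "MODULE", "CONFIG")
WILDCARD_BINDS = {"0.0.0.0", "*", "::", "::*"}


@dataclass
class Finding:
    directive: str
    value: str
    issue: str


def parse_redis_conf(text: str) -> dict[str, list[str]]:
    """Parse redis.conf into {directive: [values...]}.

    Only whole-line '#' comments are skipped (Redis does not treat a '#'
    inside a value as a comment). Repeated directives such as several
    rename-command lines are kept in order.
    """
    conf: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, []).append(value)
    return conf


def audit_redis_conf(text: str) -> list[Finding]:
    """Return the settings that make the SLAVEOF-to-module-load path possible."""
    conf = parse_redis_conf(text)
    findings: list[Finding] = []

    def first(key: str, default: str) -> str:
        return conf.get(key, [default])[0]

    # 1. No password and no ACL users: any client that reaches the port can
    #    run SLAVEOF against the instance.
    if not (conf.get("requirepass") or conf.get("aclfile") or conf.get("user")):
        findings.append(Finding("requirepass", "", "no password or ACL configured"))

    # 2. Listening on every interface. A missing bind directive means all
    #    interfaces; a leading '-' marks an optional address and is ignored here.
    bind = first("bind", "")
    tokens = [t.lstrip("-") for t in bind.split()]
    if not tokens or any(t in WILDCARD_BINDS for t in tokens):
        findings.append(Finding("bind", bind, "listens on all interfaces"))

    # 3. protected-mode off removes the last guard for an unbound, passwordless instance.
    if first("protected-mode", "yes").lower() == "no":
        findings.append(Finding("protected-mode", "no", "protected mode disabled"))

    # 4. Sensitive commands still reachable under their normal names.
    renamed = {v.split()[0].upper() for v in conf.get("rename-command", []) if v.split()}
    for cmd in SENSITIVE_COMMANDS:
        if cmd not in renamed:
            findings.append(Finding("rename-command", cmd, f"{cmd} not renamed or disabled"))

    # 5. Redis 7 gate for MODULE LOAD from any client ("local" restricts it to local connections).
    if first("enable-module-command", "no").lower() == "yes":
        findings.append(Finding("enable-module-command", "yes", "clients may load modules"))

    # 6. Anything loaded at startup or any master this instance follows deserves a look.
    for mod in conf.get("loadmodule", []):
        findings.append(Finding("loadmodule", mod, "module loaded at startup; verify its origin"))
    for key in ("replicaof", "slaveof"):
        for master in conf.get(key, []):
            findings.append(Finding(key, master, "instance replicates from this master; confirm it is yours"))
    return findings


# Constructed sample: an internet-exposed instance with nothing in the way.
WEAK_CONF = """\
# constructed weak configuration
bind 0.0.0.0
protected-mode no
port 6379
enable-module-command yes
slaveof 203.0.113.10 6379
"""

# Constructed sample: password set, loopback only, sensitive commands disabled.
HARDENED_CONF = """\
# constructed hardened configuration
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass "change-me-example-only"
rename-command SLAVEOF ""
rename-command REPLICAOF ""
rename-command MODULE ""
rename-command CONFIG ""
enable-module-command no
"""

if __name__ == "__main__":
    for f in audit_redis_conf(WEAK_CONF):
        print(f"{f.directive:22} {f.value!r:28} {f.issue}")
```

Run against a live configuration with `python audit.py < /etc/redis/redis.conf` after swapping the constants for `sys.stdin.read()`; an empty result for the hardened sample is the baseline, and any `slaveof`/`replicaof` finding pointing at a host you do not recognize is the condition the passage describes.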