Researchers at cloud security company Aqua Security are raising alarm on a newly identified backdoor targeting Redis servers.
The malware, known as Redigo, is written in the Go programming language and was spotted being used in an attack that gained initial access using a known Redis vulnerability (CVE-2022-0543, CVSS rating of 10). The bug, which could result in remote code execution (RCE), gained attention in April after security researchers discovered more than 2,000 servers that were exposed to the internet. In February, patches were made available. Because Redis uses the Lua scripting engine to let users load and run Lua scripts directly on the server, it is vulnerable.
“The Lua library offered a dynamic library in some Debian packages. A package variable is loaded by the Redis server when it loads the Lua library.
Read More: Redigo: New Backdoor Targeting Redis Servers