Cado, a cloud forensics and incident response firm, reports that Redis servers are being targeted with new malware that includes a user-mode rootkit and cryptocurrency miners.
During the observed attacks, threat actors run commands on the victim Redis servers to disable configuration options and weaken the target before deploying the malicious payload. According to Cado, the attackers were seen disabling protections that prevent connections from outside the loopback interface and that reject incoming write commands, which allows the malware to be deployed.
The primary payload in these attacks is a piece of malware known as ‘Migo’, which is written in the Golang programming language and downloads an XMRig installer from GitHub.
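
For defenders, the configuration weakening described above can be spotted in captured Redis `MONITOR` output. The following is an added example, not code from Cado or from this article: mapping the article's wording onto the `protected-mode` and `replica-read-only` options is an assumption, and the sample lines are constructed.

```python
import re
import shlex

# Safe values for the two protections the article describes being disabled.
# Mapping the article's wording onto these Redis option names is an assumption.
SAFE_VALUES = {
    "protected-mode": "yes",     # refuse non-loopback clients when no auth is set
    "replica-read-only": "yes",  # replicas reject write commands
    "slave-read-only": "yes",    # older alias of replica-read-only
}

# MONITOR line shape: <unix-ts> [<db> <client>] "arg" "arg" ...
MONITOR_RE = re.compile(r"^(\d+\.\d+) \[(\d+) ([^\]]+)\] (.+)$")


def find_weakening(lines):
    """Return (timestamp, client, option, value) for each CONFIG SET that
    moves a guarded option away from its safe value."""
    findings = []
    for line in lines:
        m = MONITOR_RE.match(line.strip())
        if not m:
            continue  # not a MONITOR record
        try:
            argv = shlex.split(m.group(4))
        except ValueError:
            continue  # unbalanced quoting, skip rather than guess
        if len(argv) < 4 or [a.lower() for a in argv[:2]] != ["config", "set"]:
            continue
        # Redis 7 accepts several option/value pairs in one CONFIG SET.
        for opt, val in zip(argv[2::2], argv[3::2]):
            safe = SAFE_VALUES.get(opt.lower())
            if safe is not None and val.lower() != safe:
                findings.append((float(m.group(1)), m.group(3), opt.lower(), val.lower()))
    return findings


# Constructed sample input (documentation-range address, not real telemetry).
SAMPLE = [
    '1708000000.100000 [0 203.0.113.7:51234] "info"',
    '1708000000.200000 [0 203.0.113.7:51234] "CONFIG" "SET" "protected-mode" "no"',
    '1708000000.300000 [0 203.0.113.7:51234] "config" "set" "replica-read-only" "no" "maxmemory" "0"',
    '1708000000.400000 [0 127.0.0.1:40022] "config" "set" "protected-mode" "yes"',
    "garbage line",
]

if __name__ == "__main__":
    for ts, client, opt, val in find_weakening(SAMPLE):
        print(f"{ts:.6f} {client} set {opt}={val}")
```

A hit from a non-loopback client is the case to triage first; the same two options can also be compared against their safe values in `CONFIG GET` output on a running instance.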