Threat Advisory

Redigo – The Redis backdoor Malware

December 6, 2022 | By Accorian

A new Go-based malware, Redigo, is used in an attack targeting Redis servers. Threat actors are exploiting a critical vulnerability, tracked as CVE-2022-0543, in Redis servers. The CVE-2022-0543 vulnerability affects Debian and Linux distributions and is a Lua sandbox escape vulnerability. The vulnerability, which was given a severity rating of 10, might be used by a remote attacker who can run any Lua script to potentially bypass the Lua sandbox and execute arbitrary code.

Threat actors attempt to connect to the Redis server through port 6379 in the first step of the attack chain to learn more about the CPU architecture. The second use of the command is to download the newly discovered Redigo Malware. After downloading the malware file, the attackers elevate the permissions of the file to execute it.

The Redigo malware, according to researchers, is being used by threat actors to infect Redis servers and add them to a botnet that they may then deploy to perform denial-of-service (DDoS) attacks, run cryptocurrency miners, or steal information from the servers. All the users who run Redis on Debian, Ubuntu, and possibly other Debian-based distros are advised to update their Redis package to the latest available version, as the vulnerability has already been fixed.

Accorian is happy to assist you for any assistance you may require. Please feel free to reach out to us.

Source: https://blog.aquasec.com/redigo-redis-backdoor-malware

Threat Advisory Team 

Accorian

Recent Post

    Ready to Start?



      Ready to Start?



        Download Case study




          Download Guide




          Human Resources Director

          Posted On: 09 May, 2022

          Drop your CVs to joinourteam@accorian.com

            Interested Position

            First Name

            Last Name

            Email

            Total Experience

            Mobile Number

            Upload Resume