Threat Advisory

Redigo – The Redis backdoor Malware

December 6, 2022 | By Accorian

A new Go-based malware, Redigo, is used in an attack targeting Redis servers. Threat actors are exploiting a critical vulnerability, tracked as CVE-2022-0543, in Redis servers. The CVE-2022-0543 vulnerability affects Debian and Linux distributions and is a Lua sandbox escape vulnerability. The vulnerability, which was given a severity rating of 10, might be used by a remote attacker who can run any Lua script to potentially bypass the Lua sandbox and execute arbitrary code.

Threat actors attempt to connect to the Redis server through port 6379 in the first step of the attack chain to learn more about the CPU architecture. The second use of the command is to download the newly discovered Redigo Malware. After downloading the malware file, the attackers elevate the permissions of the file to execute it.

The Redigo malware, according to researchers, is being used by threat actors to infect Redis servers and add them to a botnet that they may then deploy to perform denial-of-service (DDoS) attacks, run cryptocurrency miners, or steal information from the servers. All the users who run Redis on Debian, Ubuntu, and possibly other Debian-based distros are advised to update their Redis package to the latest available version, as the vulnerability has already been fixed.

Accorian is happy to assist you for any assistance you may require. Please feel free to reach out to us.


Threat Advisory Team 


Recent Post

Ready to Start?

Ready to Start?​

Drop your CVs to

Interested Position

Download Case study

Download SOC2 Guide