22.Lock ScreenEffect

A new malware dubbed “Migo” that is targeting Linux Redis servers to mine cryptocurrency via a cryptojacking attack has been discovered. This campaign employs many Redis system-weakening commands to potentially disable data store security features that could hinder their initial attempts at access.

What Is Migo Malware & How Does It Target Linux Redis Servers?

LinuxmalwareMigo tries to infiltrate Redis servers to mine cryptocurrency on the Linux host. Researchers noted that the malware employs several Redis commands to carry out a cryptojacking attack. Redis is an open-source NoSQL key/value store that runs entirely in memory and is mainly utilized as a quick-response database or application cache. The platform offers unmatched speed, dependability, and performance since it keeps data in memory rather than on a disk or solid-state drive.

One critical aspect of the malware is that after disabling several configuration parameters, the attacker uses the “set” command to set the values of two Redis keys. One key is assigned a string value corresponding to a malicious attacker-controlled SSH key, and the other to a Cron job that retrieves the malicious primary payload from Transfer.sh via Pastebin. The main payload of the malware is a compiled binary created with Go, indicating that the individuals behind Migo are still refining their methods and making the analysis process more difficult.

What Can We Learn From This Threat?

As an open-source platform, Redis is incredibly vulnerable to these types of attacks, and the Migo malware underscores the importance of developing a robust security protocol around Redis deployments. Regularly testing and updating Redis servers, developing a response and recovery plan, consistently monitoring and analyzing server traffic, and putting in place user activity monitoring safeguards are all steps that should be taken to minimize risks and exposure.

Our Final Thoughts on Migo Malware

This newly discovered threat's impact on security practitioners can not be overstated. It is a compelling reminder of the need to develop a robust security protocol around Redis servers. Cybercrime is evolving, and open-source software protocols like Redis face unique challenges. We urge admins, users and organizations to take a rigorous and proactive approach to keeping pace with new developments to stay ahead of the curve. Staying informed on security developments and trends and continuing education and upskilling in security practices are critical in mitigating the ongoing threat of cyberattacks.