New HeadCrab malware hits 1,200 Redis servers to mine cryptocurrency


    A new malware designed to hunt down vulnerable Redis servers on the Internet has infected more than a thousand of them since September 2021. The Aqua Security researchers who discovered this program named it HeadCrab. According to them, the malware is not yet detectable by traditional antivirus solutions.

    “We found not only the HeadCrab malware, but also a unique method for detecting its infection on Redis servers. Our method identified about 1,200 infected servers,” the researchers said.

    The attackers behind the botnet exploited a weakness in Redis servers: authentication is not enabled by default. Redis servers are, however, intended to be used inside an organization's network and should not be reachable from the Internet at all.

    Thus, responsibility for the spread of the malware lies largely with the administrators who maintain the servers: if servers are accidentally or intentionally configured to be accessible from the Internet, attackers can easily compromise them and take them over using their malicious tools.

    Once installed and launched, HeadCrab provides attackers with all the capabilities they need to take full control of the target server and add it to their cryptomining botnet.

    HeadCrab also does its best to avoid detection. Here is what the researchers say about this: “The malware is mainly based on Redis processes, which are unlikely to be marked as malicious. The payload is loaded via memfd directly into the server's RAM, avoiding being written to disk.”

    While analyzing the malware, the researchers also found that attackers primarily use mining pools hosted on previously compromised servers to make attribution and detection more difficult.

    In addition, according to the statistics of the Monero crypto wallet associated with this botnet, attackers receive an annual profit of about $4,500 per device, which is much higher than the usual $200 on ordinary computers.

    To protect their Redis servers, administrators are advised to ensure that only clients within the network have access, disable the "slaveof" feature when not in use, and enable protected mode.
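
    The three recommendations above can be checked against a server's redis.conf. The following is an added example, not code from the article or from Aqua Security. It assumes that "disabling slaveof" means renaming the SLAVEOF command and its newer alias REPLICAOF to an empty string with `rename-command` (the article does not name a mechanism), and both sample configurations are constructed.

```python
"""Audit redis.conf text against the hardening advice in the article."""
import ipaddress
import shlex

EXPOSED_CONF = 'bind 0.0.0.0\nprotected-mode no\nport 6379\n'  # constructed sample
HARDENED_CONF = (                                              # constructed sample
    'bind 127.0.0.1 10.0.5.12\n'
    'protected-mode yes\n'
    'rename-command SLAVEOF ""\n'
    'rename-command REPLICAOF ""\n'
)


def parse(conf_text):
    """Return [(directive, [args])], skipping blank lines and comments."""
    rows = []
    for line in conf_text.splitlines():
        parts = shlex.split(line, comments=True)
        if parts:
            rows.append((parts[0].lower(), parts[1:]))
    return rows


def internal_only(addr):
    """True for loopback/private addresses; wildcard and public ones are False."""
    try:
        ip = ipaddress.ip_address(addr.lstrip("-"))
    except ValueError:  # "*" or anything that is not a literal IP address
        return False
    return not ip.is_unspecified and (ip.is_loopback or ip.is_private)


def audit(conf_text):
    """Return a list of finding codes; an empty list means all checks passed."""
    rows = parse(conf_text)
    findings = []
    binds = [a for d, args in rows if d == "bind" for a in args]
    # With no bind directive Redis listens on every interface.
    if not binds or not all(internal_only(a) for a in binds):
        findings.append("EXPOSED_BIND")
    # protected-mode defaults to yes; the last occurrence in the file wins.
    pm = [args[0].lower() for d, args in rows if d == "protected-mode" and args]
    if pm and pm[-1] != "yes":
        findings.append("PROTECTED_MODE_OFF")
    # Replication counts as "in use" when a slaveof/replicaof directive is set.
    in_use = any(d in ("slaveof", "replicaof") for d, _ in rows)
    disabled = {args[0].upper() for d, args in rows
                if d == "rename-command" and len(args) == 2 and args[1] == ""}
    if not in_use and not {"SLAVEOF", "REPLICAOF"} <= disabled:
        findings.append("SLAVEOF_NOT_DISABLED")
    return findings
```

    A private bind address only limits which interface Redis listens on; whether that interface is reachable from the Internet still depends on firewall and routing rules outside the file.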

    Author DeepWeb