New Redigo malware attacks Redis servers


    Attackers deliver the malware through a critical RCE vulnerability.

    The malware was caught on honeypots operated by Aqua Security specialists. The researchers named it Redigo, combining the name of the targeted servers (Redis) and the programming language the malware is written in (Go) into one word. To deliver the malware, the attackers exploit the critical RCE vulnerability CVE-2022-0543 (rated 10 out of 10 on the CVSS scale), which allows an attacker to "escape from the sandbox" of the Lua script interpreter in Redis and execute arbitrary code on the remote host. This security flaw affects some Debian and Ubuntu builds of Redis and was fixed by updating the Redis package to version 5.6.0.16.-1 in February of this year.

    Despite the availability of the patch, attackers are still actively exploiting the flaw against unpatched systems. In addition, a PoC exploit is publicly available.

    According to Aqua Security researchers, Redigo attacks begin with scans for port 6379, the port used by Redis. Once an exposed endpoint is found, the attackers connect to it and attempt to execute the following commands:

    INFO - checks the Redis version so the attackers can tell whether the server is vulnerable to CVE-2022-0543;
    SLAVEOF - turns the target into a replica (copy) of the attacker's server;
    REPLCONF - configures the replication connection from the attacker's server to the newly created replica;
    PSYNC - starts the replication stream and writes the exp_lin.so library to the server's disk;
    MODULE LOAD - loads the exp_lin.so module from the downloaded dynamic library. This module is capable of executing arbitrary commands and exploiting CVE-2022-0543;
    SLAVEOF NO ONE - promotes the vulnerable Redis server back to a master (standalone) server.

    Using the capabilities of the injected backdoor, the attackers collect information about the host and then download Redigo to it, launching the malware after privilege escalation.
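The command sequence above is distinctive enough to detect from the server side. The following script is an added example written for this page (it is not code from Aqua Security or from the Redigo analysis): it parses lines in the format produced by the Redis MONITOR command, groups commands by client, and raises a finding when one client performs SLAVEOF/REPLICAOF, then REPLCONF/PSYNC, then MODULE LOAD, optionally followed by SLAVEOF NO ONE. It also flags any MODULE LOAD from outside a trusted directory. The sample MONITOR lines, the client addresses and the `TRUSTED_MODULE_DIR` path are constructed for the example and should be adjusted to the host being monitored.

```python
import re
from collections import defaultdict

# Constructed sample of Redis MONITOR output (not a real capture); the lines from
# the 203.0.113.5 client mimic the command sequence described in the article.
SAMPLE_MONITOR = """\
1669900000.100000 [0 10.0.0.8:40110] "GET" "session:42"
1669900001.200000 [0 203.0.113.5:51234] "INFO"
1669900002.300000 [0 203.0.113.5:51234] "SLAVEOF" "203.0.113.5" "8886"
1669900003.400000 [0 203.0.113.5:51234] "REPLCONF" "listening-port" "6379"
1669900004.500000 [0 203.0.113.5:51234] "PSYNC" "?" "-1"
1669900005.600000 [0 203.0.113.5:51234] "MODULE" "LOAD" "/tmp/exp_lin.so"
1669900006.700000 [0 203.0.113.5:51234] "SLAVEOF" "NO" "ONE"
1669900007.800000 [0 10.0.0.8:40110] "SET" "session:42" "abc"
"""

# Directory from which legitimately deployed modules are loaded (assumed; set per host).
TRUSTED_MODULE_DIR = "/usr/lib/redis/modules/"

# MONITOR line layout: "<timestamp> [<db> <client addr>] "<arg>" "<arg>" ..."
MONITOR_RE = re.compile(
    r'^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<client>[^\]]+)\] (?P<args>.*)$'
)


def parse_monitor_line(line):
    """Parse one MONITOR line into {ts, client, args}; return None for non-matching lines."""
    m = MONITOR_RE.match(line.strip())
    if not m:
        return None
    # Arguments are double-quoted and may contain backslash escapes.
    args = re.findall(r'"((?:[^"\\]|\\.)*)"', m.group("args"))
    return {"ts": float(m.group("ts")), "client": m.group("client"), "args": args}


def command_stage(args):
    """Map a parsed command to the stage of the replication-abuse chain it belongs to."""
    if not args:
        return None
    cmd = args[0].upper()
    if cmd in ("SLAVEOF", "REPLICAOF"):
        if len(args) >= 3 and (args[1] + " " + args[2]).upper() == "NO ONE":
            return "promote"
        return "replicate"
    if cmd in ("REPLCONF", "PSYNC"):
        return "sync"
    if cmd == "MODULE" and len(args) >= 2 and args[1].upper() == "LOAD":
        return "module_load"
    return None


def detect_replication_abuse(monitor_text, trusted_dir=TRUSTED_MODULE_DIR):
    """Return one finding per client that replicates from an external master and then
    loads a module (high), or that loads a module from an untrusted path (medium)."""
    stages = defaultdict(list)        # client -> ordered chain stages observed
    module_paths = defaultdict(list)  # client -> paths passed to MODULE LOAD
    for line in monitor_text.splitlines():
        ev = parse_monitor_line(line)
        if ev is None:
            continue
        stage = command_stage(ev["args"])
        if stage is None:
            continue
        stages[ev["client"]].append(stage)
        if stage == "module_load":
            module_paths[ev["client"]].append(ev["args"][2] if len(ev["args"]) > 2 else "")

    findings = []
    for client, seen in stages.items():
        untrusted = [p for p in module_paths[client] if not p.startswith(trusted_dir)]
        chain = False
        if "replicate" in seen and "module_load" in seen:
            first_replicate = seen.index("replicate")
            last_module_load = max(i for i, s in enumerate(seen) if s == "module_load")
            chain = first_replicate < last_module_load
        if chain:
            findings.append({"client": client, "severity": "high",
                             "reason": "replication followed by MODULE LOAD",
                             "modules": module_paths[client],
                             "promoted_back": "promote" in seen})
        elif untrusted:
            findings.append({"client": client, "severity": "medium",
                             "reason": "MODULE LOAD from untrusted path",
                             "modules": untrusted, "promoted_back": False})
    return findings


if __name__ == "__main__":
    for finding in detect_replication_abuse(SAMPLE_MONITOR):
        print(finding)
```

On the constructed sample the script reports a single high-severity finding for the 203.0.113.5 client, with the module path /tmp/exp_lin.so and the note that the server was promoted back to master; the ordinary GET/SET client produces nothing. MONITOR is costly on busy instances, so in production the same logic is better applied to proxy or network-capture logs. The complementary preventive controls in redis.conf are `protected-mode yes`, binding only to internal interfaces, and `rename-command MODULE ""` (and likewise for SLAVEOF/REPLICAOF where replication is not used), which removes the commands the chain depends on.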

    Because the time an attacker spends on the honeypot is limited, Aqua Security analysts were not able to determine what Redigo does once it is running on the system. According to the experts, the attackers are most likely trying to enlist the Redis server in a botnet for DDoS attacks, cryptojacking or data theft.

    Author DeepWeb