Nearly half of the 2,300 internet-exposed Redis servers compromised with the HeadCrab malware as part of an attack campaign that was initially reported in early 2023 have been infected with an updated variant of the backdoor, according to The Hacker News.
Several improvements have been added into HeadCrab 2.0, including a fileless loader mechanism aimed at increased stealth and persistence, as well as Redis MGET command usage for command-and-control communications, a report from Aqua Nautilus revealed. Researchers noted that the command has facilitated better C2 control during attacker-initiated requests, which are being delivered a customized string as an argument. Such findings indicate mounting challenges in identifying HeadCrab 2.0 malware attacks, said researchers.
"This evolution underscores the necessity for continuous research and development in security tools and practices... The engagement by the attacker and the subsequent evolution of the malware highlights the critical need for vigilant monitoring and intelligence gathering," researchers added.
