Novel Migo malware impacts Redis servers

Redis servers have been subjected to attacks with the novel Migo malware, which is meant to facilitate cryptomining on Linux hosts, reports The Hacker News.

Cado Security researchers discovered that several of their Redis honeypots had been targeted with atypical commands meant to deactivate certain configuration options in order to conceal additional exploitation activities. The attackers then establish two different Redis keys, one of which facilitates the retrieval of the Migo malware from the Transfer.sh file transfer service, according to the report. Aside from resisting reverse engineering, Migo also acts as an XMRig downloader and enables persistence, miner deployment, and activity concealment. Such activities were previously observed among actors using the SkidMap malware, as well as in the Rocke, TeamTNT, and WatchDog cryptojacking operations, researchers added. "Migo demonstrates that cloud-focused attackers are continuing to refine their techniques and improve their ability to exploit web-facing services," said security researcher Matt Muir.
