Cloud Security

Novel Migo malware impacts Redis servers

Redis servers have been subjected to attacks with the novel Migo malware meant to facilitate cryptomining on Linux hosts, reports The Hacker News.

Cado Security researchers discovered that several of its Redis honeypots have been targeted with atypical commands meant to deactivate certain configuration options to conceal additional exploitation activities. Two different Redis keys are then established by attackers, one of which facilitates the retrieval of the Migo malware from the file transfer service, according to the report. Aside from averting reverse engineering, Migo also acts as an XMRig downloader and enables persistence, miner deployment, and activity concealment. Such activities were previously observed in SkidMap malware actors, as well as the Rocke, TeamTNT, and WatchDog cryptojacking operations, researchers added. "Migo demonstrates that cloud-focused attackers are continuing to refine their techniques and improve their ability to exploit web-facing services," said security researcher Matt Muir.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.