Cryptocurrency mining operations target Windows Server, Redis and Apache Solr servers online

Faybert

Level 24
Thread author
Verified
Top Poster
Well-known
Jan 8, 2017
1,318
Researchers from the ISC SANS group and the Anti-DDoS company Imperva discovered two distinct campaigns targeting Windows Server, Redis and Apache Solr servers online.
Last week new mining campaigns targeted unpatched Windows Server, Apache Solr, and Redis servers, attackers attempted to install the cryptocurrency miner Coinminer.

Two campaigns were spotted by researchers from the ISC SANS group and the Anti-DDoS company Imperva.

The campaign observed by Imperva has been targeting Redis and Windows Server installs, the company tracked the operation as RedisWannaMine.

Crooks are conducting an Internet mass-scanning for systems running outdated Redis versions, the attackers attempt to trigger the CVE-2017-9805 vulnerability.

“This week we saw a new generation of cryptojacking attacks aimed at bothdatabase servers and application servers. We dubbed one of these attacks RedisWannaMine.” reads the blog post published by Imperva.

“RedisWannaMine is more complex in terms of evasion techniques and capabilities. It demonstrates a worm-like behavior combined with advanced exploits to increase the attackers’ infection rate and fatten their wallets.”

RedisWannaMine executes a script to download a publicly available tool, dubbed masscan, that is stored on Github repository, then compiles and installs it.
..
..
..
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top