New stealthy malware designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021 to build a botnet that mines for Monero cryptocurrency.
Discovered by Aqua Security researchers Nitzan Yaakov and Asaf Eitani, who dubbed it HeadCrab, the malware has so far ensnared at least 1,200 such servers, which are also used to scan for more targets online.
"This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers," the researchers
said. "We discovered not only the HeadCrab malware but also a unique method to detect its infections in Redis servers. Our method found approximately 1,200 actively infected servers when applied to exposed servers in the wild."
