Friday, October 11, 2024

Migo Malware Strikes: Redis Targeted for Crypto Mining

Introduction:

Cado Security researchers have reported a new campaign in which the Migo malware targets exposed, weakly secured Redis instances on Linux hosts and uses the access to deploy a cryptocurrency miner.

Understanding the Migo Malware Campaign

Techniques Employed by Migo Malware

  1. Authentication Bypass: Migo gains access to Redis instances that are reachable over the network and protected by weak passwords or by no password at all. Redis ships without a password and relies on its bind address and protected-mode setting for its default protection, so an instance exposed with those defaults loosened is open to anyone who can reach the port.
  2. Command Injection: once connected, the malware issues Redis commands of its own choosing, which lets it read and alter the data stored in the instance and change the server's configuration at runtime.
  3. Remote Code Execution (RCE): Migo turns that Redis access into code execution on the underlying Linux host, enabling the operators to run commands remotely and potentially compromise the entire system. The source names no specific CVE; the foothold is the exposed, weakly authenticated Redis service itself.
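The three items above reduce to a handful of redis.conf settings: who can reach the listener, whether a password or ACL is required, whether protected-mode is on, and whether administrative commands such as CONFIG are still callable. The following auditor checks those settings and shows a weak configuration beside a hardened one. It is an added example written for this write-up, not Cado Security's or the blog's code; the two config texts are constructed samples, the directive names are real redis.conf directives, and the password value is a placeholder.

```python
"""Audit a redis.conf for the settings that make an exposed instance easy prey for
campaigns like the one described above: no authentication, a bind on every
interface, protected-mode switched off, and CONFIG/DEBUG left callable so an attacker
can redirect persistence output to arbitrary paths or probe the process.

Added example for this write-up, not Cado Security's or the blog's code. The two
config texts are constructed samples; the directive names are real redis.conf
directives, and the password value is a placeholder.
"""

# Constructed sample: a typical "it just worked" deployment.
WEAK_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
"""

# Constructed sample: the same instance after hardening.
HARDENED_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass REPLACE_WITH_LONG_RANDOM_SECRET
rename-command CONFIG ""
rename-command DEBUG ""
rename-command FLUSHALL ""
"""

# bind values that expose the listener on all interfaces (IPv4 and IPv6 forms).
WILDCARD_BINDS = {"0.0.0.0", "*", "::", "::*", "-::*"}


def parse_conf(text):
    """Return {directive: [value, ...]}; repeated directives keep every value."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        directives.setdefault(key.lower(), []).append(value.strip())
    return directives


def disabled_commands(directives):
    """Commands renamed to the empty string are unreachable by any client."""
    dead = set()
    for value in directives.get("rename-command", []):
        parts = value.split()
        if len(parts) == 2 and parts[1] == '""':
            dead.add(parts[0].upper())
    return dead


def audit(text):
    """Return a list of finding codes; an empty list means no weak setting found."""
    d = parse_conf(text)
    findings = []

    # No bind line at all means Redis listens on every interface.
    bind_tokens = set(" ".join(d.get("bind", [])).split())
    if not bind_tokens or bind_tokens & WILDCARD_BINDS:
        findings.append("bind-all-interfaces")

    # protected-mode defaults to yes (Redis >= 3.2); only an explicit "no" is a finding.
    if d.get("protected-mode", ["yes"])[-1].lower() == "no":
        findings.append("protected-mode-off")

    # Auth is present with requirepass or with an ACL user carrying a password (> or #).
    acl_users = d.get("user", [])
    has_auth = bool(d.get("requirepass")) or any(
        any(tok.startswith((">", "#")) for tok in u.split()) for u in acl_users)
    if not has_auth:
        findings.append("no-authentication")

    dead = disabled_commands(d)
    for cmd in ("CONFIG", "DEBUG"):
        if cmd not in dead:
            findings.append(f"{cmd.lower()}-command-exposed")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {audit(conf) or 'no findings'}")
```

Two caveats when acting on the findings: protected-mode only refuses non-loopback clients when neither bind nor requirepass is configured, so it is a safety net rather than a substitute for a password and a restricted bind address; and on Redis 6 and later, ACLs (for example a user granted +@all -@dangerous) are the supported way to keep CONFIG and DEBUG away from application clients, with rename-command kept here because it is still honoured and easy to audit.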

Implications for System Security

  1. Data Breach Risks: once inside Redis, Migo can read or alter whatever the instance stores, so any sensitive data kept there is at risk of disclosure or tampering.
  2. Compromised System Integrity: code execution on the Linux host lets the operators install additional malware, establish persistence, and carry out further malicious activity, undermining the integrity of the whole system.
  3. Cryptojacking Concerns: the miner Migo deploys consumes CPU, degrading the performance of the services that share the host, raising energy consumption, and imposing financial losses through unauthorized mining.

Conclusion:

The emergence of Migo malware highlights the persistent threat landscape surrounding Redis and underscores the importance of proactive security measures to safeguard against such campaigns.

Suggestion:

Organizations should keep Redis up to date, never expose it directly to the Internet, require authentication on every instance, bind it only to the interfaces that need it, and restrict or disable administrative commands for application clients, so that campaigns like Migo find no unauthenticated instance to abuse in the first place.
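Hardening aside, the abuse described above is also visible at runtime: a client that rewrites the server configuration and then forces a dump is not doing anything an application client would. The scanner below applies that logic to lines in the format printed by redis-cli MONITOR. It is an added example for this write-up, not code from Cado Security or from the malware; the sample lines are constructed, the addresses are documentation ranges, the allow-listed admin host is assumed, and the command sequence in the sample (disable protected-mode, point the dump directory at a cron spool, rename the dump file, SAVE) is the long-known path from an unauthenticated Redis to host code execution, shown as what a detection should catch rather than as a statement of Migo's exact command sequence, which the write-up does not give.

```python
"""Flag Redis commands that turn data-store access into host access, from lines as
printed by `redis-cli MONITOR` (timestamp, [db source], then each argument quoted).

Added example for this write-up, not code from Cado Security or from the malware.
The sample lines are constructed and the admin allow-list is assumed.
"""
import re

MONITOR_RE = re.compile(r'^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<src>\S+)\] (?P<args>.*)$')
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Hosts allowed to issue administrative commands (assumed; set per deployment).
ADMIN_SOURCES = {"10.0.0.5"}

# Directories an attacker points the RDB/AOF writer at to gain execution or access.
SENSITIVE_DIRS = ("/var/spool/cron", "/etc/cron", "/root/", "/home/", "/var/www", "/etc/")

# Constructed sample capture: a legitimate admin, an unknown source walking the
# file-write path, and an ordinary application client.
SAMPLE = """\
1712345601.000100 [0 10.0.0.5:40000] "CONFIG" "GET" "maxmemory"
1712345602.000200 [0 198.51.100.7:51234] "CONFIG" "SET" "protected-mode" "no"
1712345603.000300 [0 198.51.100.7:51234] "SET" "x" "<attacker-controlled content>"
1712345604.000400 [0 198.51.100.7:51234] "CONFIG" "SET" "dir" "/var/spool/cron"
1712345605.000500 [0 198.51.100.7:51234] "CONFIG" "SET" "dbfilename" "root"
1712345606.000600 [0 198.51.100.7:51234] "SAVE"
1712345607.000700 [0 10.0.0.8:33000] "GET" "session:abc"
""".splitlines()


def parse_line(line):
    """Parse one MONITOR line into a dict, or return None for anything else."""
    m = MONITOR_RE.match(line.strip())
    if not m:
        return None
    return {"ts": float(m["ts"]), "db": int(m["db"]), "src": m["src"],
            "args": ARG_RE.findall(m["args"])}


def classify(ev):
    """Tags for a single event, independent of what came before it."""
    args = ev["args"]
    if not args:
        return []
    cmd = args[0].upper()
    sub = args[1].upper() if len(args) > 1 else ""
    host = ev["src"].rsplit(":", 1)[0]
    tags = []
    if cmd == "CONFIG" and sub == "SET" and len(args) >= 4:
        key, val = args[2].lower(), args[3]
        if key == "dir" and val.startswith(SENSITIVE_DIRS):
            tags.append("rdb-dir-redirected")
        if key == "dbfilename" and not val.endswith(".rdb"):
            tags.append("rdb-filename-changed")
        if key == "protected-mode" and val.lower() == "no":
            tags.append("protected-mode-disabled")
    if cmd in ("SLAVEOF", "REPLICAOF") and sub != "NO":
        tags.append("replication-redirected")  # instance would pull an attacker-served dataset
    if cmd == "MODULE" and sub == "LOAD":
        tags.append("module-load")
    if cmd in ("CONFIG", "DEBUG", "MODULE", "SLAVEOF", "REPLICAOF", "FLUSHALL") \
            and host not in ADMIN_SOURCES:
        tags.append("admin-command-from-unknown-source")
    return tags


def scan(lines):
    """Return (source, command summary, sorted tags) for every suspicious event.

    Keeps per-source state so a SAVE/BGSAVE after a redirected dir is flagged as the
    moment the file actually lands on disk.
    """
    alerts, redirected = [], set()
    for line in lines:
        ev = parse_line(line)
        if ev is None or not ev["args"]:
            continue
        tags = classify(ev)
        if "rdb-dir-redirected" in tags:
            redirected.add(ev["src"])
        if ev["args"][0].upper() in ("SAVE", "BGSAVE") and ev["src"] in redirected:
            tags.append("rdb-write-to-sensitive-path")
        if tags:
            alerts.append((ev["src"], " ".join(ev["args"][:4]), sorted(set(tags))))
    return alerts


if __name__ == "__main__":
    for src, summary, tags in scan(SAMPLE):
        print(f"{src:22} {summary:40} {', '.join(tags)}")
```

MONITOR itself costs throughput and echoes every command including AUTH, so on a production instance the same rules are better fed from a proxy or eBPF capture; the parser is the only part that depends on the MONITOR line format.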

Source: Blog Post
Source Reliability: Trustworthy
Information Reliability: Confirmed
Motivation: Cyber Crime
Source Category: Technical Intelligence
Severity: Low


Indicator Of Compromise (IOC) Information:

Type    IOC                                          Details
Hash    84c75536b279a85a5320f058514b884a016bc8c8     Malicious: 31; Suspicious: N/A; Malware Family: generickd; MetaDefender %: 100; Blocked Reason: Infected; Zone: Grey; Hits Count: Not Found; Abuse Score: N/A; Status: N/A
Hash    a1bb4531ce800515afa1357b633c73c27fa305cf     Malicious: 0; Suspicious: N/A; Malware Family: N/A; MetaDefender %: N/A; Blocked Reason: N/A; Zone: Red; Hits Count: 100; Abuse Score: N/A; Status: N/A
Hash    1f9fcf86a56394a7267d85ba76c1256d12e3e76b     Malicious: 38; Suspicious: N/A; Malware Family: malware; MetaDefender %: 100; Blocked Reason: Infected; Zone: Red; Hits Count: 10; Abuse Score: N/A; Status: N/A
Hash    1fc236e94b54d3ddc4b2afb8d44a19abd7cf0dd4     Malicious: 0; Suspicious: N/A; Malware Family: N/A; MetaDefender %: N/A; Blocked Reason: N/A; Zone: Red; Hits Count: 100; Abuse Score: N/A; Status: N/A
Hash    73ece3d738777e791035e9c0c94bf4931baf3e3a     Malicious: 0; Suspicious: N/A; Malware Family: N/A; MetaDefender %: N/A; Blocked Reason: N/A; Zone: Red; Hits Count: 100; Abuse Score: N/A; Status: N/A
Hash    e3a7098e3352fdbb5ff5991e9e10dcf3b43b1b86     Malicious: 0; Suspicious: N/A; Malware Family: N/A; MetaDefender %: 100; Blocked Reason: N/A; Zone: Red; Hits Count: 100; Abuse Score: N/A; Status: N/A
Hash    dfc8afe5cb7377380908064551c9555719fd28e3     Malicious: 0; Suspicious: N/A; Malware Family: N/A; MetaDefender %: N/A; Blocked Reason: N/A; Zone: Red; Hits Count: 100; Abuse Score: N/A; Status: N/A
Hash    2dc80f45540d0a3ea33830848fcf529f98ea2f5e     Malicious: Kaspersky information not available; Suspicious: N/A; Zone: N/A; Abuse Score: N/A; Status: N/A
URL     https://fus.rngupdatem.buzz                  Status: Not Found
Domain  us.archive-ubuntu.top                        Malicious: 10; Suspicious: 1; Status: Grey
Email   [email protected]                            Zone: N/A
Domain  minuaregionbecareful.com                     Malicious: 5; Suspicious: 1; Status: Grey
Email   [email protected]                            Zone: N/A
Domain  ua-minagro.com                               Malicious: 5; Suspicious: 1; Status: Grey
Email   [email protected]                            Zone: N/A
Domain  choicelive149200.com                         Malicious: 3; Suspicious: 0; Status: Grey
IP      154.49.137.16                                Malicious: 2; Suspicious: 1; Zone: Grey; Abuse Score: 0
Email   [email protected]                            Zone: N/A
Email   [email protected]                            Zone: N/A
IP      45.9.148.165                                 Malicious: 1; Suspicious: 1; Zone: Grey; Abuse Score: 0
Domain  login.microsoftidonline.com                  Malicious: 11; Suspicious: 0; Status: Grey
Domain  navalny-voting.net                           Malicious: 2; Suspicious: 1; Status: Green
Email   [email protected]                            Zone: N/A
Hash    bb14153040608a4f559f48c20b98c1056c794a60     Malicious: 12; Malware Family: fraud; MetaDefender %: 100; Blocked Reason: Infected; Zone: Grey; Hits Count: Not Found
Hash    364a7f8e3701a340400d77795512c18f680ee67e     Malicious: 41; Malware Family: linux; MetaDefender %: 100; Blocked Reason: Infected; Zone: Yellow; Hits Count: 100
Hash    76ecd546374b24443d76c450cb8ed7226db84681     Malicious: N/A; Suspicious: N/A; Zone: N/A
Hash    5dc4a48ebd4f4be7ffcf3d2c1e1ae4f2640e41ca     N/A

Notes on the list: the hashes are 40-hex SHA-1 values. The e-mail addresses are redacted in the source ([email protected]) and cannot be actioned as given. Several entries, among them the Ukrainian-government-themed and Navalny-themed domains and the Microsoft-lookalike login domain, have no evident relation to a Redis cryptomining campaign and appear to come from a broader feed, and most of the hashes carry a detection count of 0 or N/A; confirm each indicator against the original Cado Security report before adding it to a blocklist.