Short Bytes: A new trojan named Linux.Lady has been reported by the Russian anti-virus firm Dr. Web. The malware attacks poorly configured Redis servers and turns them into Bitcoin miners for the attacker’s benefit. It spreads on its own by infecting other computers on the network.

A new trojan has been discovered in the wild, targeting Linux servers that run the Redis NoSQL database. Because of insecure configurations by sysadmins and a general lack of security in Redis, up to 30,000 Redis servers are exposed to this attack. The malware turns these servers into Bitcoin miners.

The malware was recently discovered by the Russian anti-virus firm Dr. Web. Interestingly, it is written in Google’s Go programming language and relies on open-source Go libraries hosted on GitHub.

For those who don’t know, Redis is a NoSQL database that stores data as key-value pairs. It holds its data in memory, which is what makes its storage and queries fast.

How does Linux.Lady operate?

After the initial infection, Linux.Lady uses another trojan, Linux.Downloader.196, to download the main payload. Once installed, Linux.Lady sends basic information about the compromised system back to the C&C (command and control) server over SSH.

Here’s the information sent by the trojan:

  • Trojan’s version
  • Number of CPUs on the machine
  • Host’s name
  • Number of running processes
  • Name of the operating system
  • Family of the operating system
  • Host’s uptime

Based on this information, in particular the number of CPUs, the C&C server sends back a configuration file that starts the Bitcoin mining process on the infected machine. Because it is self-propagating, Linux.Lady can also infect other computers on the network.

It’s interesting to note that while Linux.Lady targets Linux systems, it doesn’t exploit any Linux flaw. In recent times, the poor security of Redis has been repeatedly criticized in various security reports.

Sysadmins are advised to enable Redis’s security mechanisms to add extra layers of protection. Dr. Web also recommends its own anti-virus to defeat Linux.Lady.
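As an added illustration of what those security mechanisms look like in practice (example code written for this page, not from the article or Dr. Web), the script below parses a constructed redis.conf and flags the settings that leave an instance reachable from the network without authentication. Which directives count as weak is my assumption, since the article names none; the directives themselves (bind, requirepass, protected-mode, rename-command) are standard Redis configuration keys.

```python
# Audit a redis.conf for the exposure Linux.Lady relies on: a listener reachable
# from the network with no authentication. Added example; which directives count
# as weak is an assumption, since the article names none.
from typing import Dict, List

# Constructed weak configuration: every interface, protected mode off,
# the requirepass line left commented out as in the stock redis.conf.
WEAK_CONF = """
bind 0.0.0.0
protected-mode no
# requirepass foobared
"""

# Same file hardened: loopback only, password required, protected mode on,
# CONFIG unreachable by its usual name. The password is a placeholder.
HARDENED_CONF = """
bind 127.0.0.1
protected-mode yes
requirepass CHANGE-ME-long-random-secret
rename-command CONFIG ""
"""


def parse_conf(text: str) -> Dict[str, List[str]]:
    """Map each directive to its argument strings, in file order."""
    conf: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # Redis comments are whole lines
            continue
        parts = line.split(None, 1)
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf


def audit(text: str) -> List[str]:
    """Return findings for the last value of each directive; empty means none."""
    conf = parse_conf(text)
    findings: List[str] = []
    # With no bind directive at all, Redis listens on every interface.
    if any(a.lstrip("-") in ("0.0.0.0", "::", "*", "::*") for a in conf.get("bind", ["0.0.0.0"])[-1].split()):
        findings.append("bind: listens on all interfaces")
    if not conf.get("requirepass", [""])[-1]:
        findings.append("requirepass: no password set")
    if conf.get("protected-mode", ["yes"])[-1].lower() != "yes":  # default since 3.2
        findings.append("protected-mode: disabled")
    renamed = {a.split()[0].upper() for a in conf.get("rename-command", []) if a.split()}
    if "CONFIG" not in renamed:
        findings.append("rename-command: CONFIG still reachable by name")
    return findings
```

Run `audit()` over the real file before exposing an instance; the same checks apply to any Redis reachable from other hosts.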


Adarsh Verma
Fossbytes co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email — [email protected]