
HeadCrab 2.0: Evolving Threat in Redis Malware Landscape

Aqua Security

At the beginning of 2023, Aqua Nautilus researchers uncovered HeadCrab - an advanced threat actor utilizing a state-of-the-art, custom-made malware that compromised 1,200 Redis servers. Recently, our researchers detected a new version of the HeadCrab malware targeting our honeypots.


Aqua Nautilus Discovers Redigo — New Redis Backdoor Malware

Aqua Security

Aqua Nautilus discovered new Go-based malware that targets Redis servers. Our investigation revealed previously undetected malware written in Golang, designed to target Redis servers so that the attacking server can take control of the compromised machine. For that reason, the malware was named Redigo.


Kinsing Malware Exploits Novel Openfire Vulnerability

Aqua Security

Aqua Nautilus discovered a new campaign that exploits the Openfire vulnerability (CVE-2023-32315), which was disclosed in May of this year, to deploy Kinsing malware and a cryptominer. The vulnerability enables a path traversal attack that grants an unauthenticated user access to the Openfire setup environment.


Detecting eBPF Malware with Tracee

Aqua Security

Lately, we have seen a rise in the number of eBPF-based tools used for malicious purposes, such as rootkits (ebpfkit, TripleCross) and malware (pamspy). At the same time, eBPF is widely used by many security tools to monitor kernel activity in order to detect threats and protect organizations.


Intro to Fileless Malware in Containers

Aqua Security

In a fileless attack, the malware is directly loaded into memory and executed, evading common defenses and static scanning. A fileless attack is a technique that takes incremental steps toward gaining control of your environment while remaining undetected.


Linux Malware Campaign Targets Misconfigured Cloud Servers

Ooda Loop

Cado Security has issued a warning about a cryptojacking campaign leveraging Linux malware, which targets misconfigured Apache Hadoop, Confluence, Docker, and Redis instances with innovative malicious payloads.


Threat Alert: New Malware in the Cloud By TeamTNT

Aqua Security

The scripts and malware that were used bear a striking resemblance to those of the threat actor TeamTNT. Over the past week, we observed three different attacks on our honeypots. Eleven months ago, TeamTNT posted a farewell note on Twitter, and since then we had only seen legacy attacks running automatically from their past infrastructure.
