Vulnerable Redis servers targeted for cryptojacking

Internet-exposed Redis servers have been subjected to attacks deploying the XMRig cryptocurrency mining malware as part of the new RedisRaider Linux cryptojacking campaign, The Hacker News reports.

Attacks commence with the scanning of Redis servers running on Linux and the subsequent exploitation of Redis's SET command for a cron job injection, followed by the modification of the Redis working directory and the installation of the RedisRaider binary, according to a report from Datadog Security Labs.

Aside from deploying a custom XMRig version and spreading malware across other Redis instances, RedisRaider also features a web-based Monero miner for additional revenue generation, said researchers, who also discovered that the campaign uses short key time-to-live settings and modified database configurations to conceal malicious activity.

Such findings follow a Guardz report detailing the exploitation of Microsoft Entra ID's legacy authentication protocols to facilitate brute-force attacks between mid-March and early April, most of which were from Eastern Europe and the Asia-Pacific.
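For the Redis activity described above, a defender can check an instance for the traces it leaves: a working directory moved to a cron location, and keys whose values contain cron lines and carry a short TTL. The following is an added example, not code from Datadog Security Labs or the original article; the cron paths, the 300-second threshold, the function names and the sample data are assumptions made for illustration.

```python
import re

# Assumption: standard Linux cron locations, not paths quoted from the report.
CRON_PREFIXES = ("/etc/cron", "/var/spool/cron")
# Five cron schedule fields followed by a command, anywhere in a value.
CRON_LINE = re.compile(r"^[ \t]*(?:[\d*/,\-]+[ \t]+){5}\S", re.M)

def audit_config(cfg):
    """cfg: dict of Redis settings, e.g. parsed from CONFIG GET output."""
    findings = []
    workdir = cfg.get("dir", "").rstrip("/")
    dbfile = cfg.get("dbfilename", "")
    if workdir.startswith(CRON_PREFIXES) or (workdir == "/etc" and dbfile == "crontab"):
        findings.append(f"working directory is a cron location: {workdir}/{dbfile}")
    if cfg.get("protected-mode") == "no" and not cfg.get("requirepass"):
        findings.append("protected-mode is off and no requirepass is set")
    return findings

def audit_keys(entries, short_ttl=300):
    """entries: (key, value, ttl_seconds) tuples; ttl -1 means no expiry.
    Returns (key, has_short_ttl) for every value that contains a cron line."""
    return [(key, 0 <= ttl <= short_ttl)
            for key, value, ttl in entries if CRON_LINE.search(value)]

# Constructed sample data, not taken from a real incident.
SUSPECT_CFG = {"dir": "/etc/cron.d", "dbfilename": "apache",
               "protected-mode": "no", "requirepass": ""}
CLEAN_CFG = {"dir": "/var/lib/redis", "dbfilename": "dump.rdb",
             "protected-mode": "yes", "requirepass": "example-only"}
SAMPLE_KEYS = [
    ("session:42", "user=alice;role=viewer", -1),
    ("t", "\n\n*/5 * * * * root /path/to/placeholder\n\n", 120),
]

if __name__ == "__main__":
    for line in audit_config(SUSPECT_CFG):
        print("config:", line)
    for key, short in audit_keys(SAMPLE_KEYS):
        print(f"key {key!r} holds a cron line (short TTL: {short})")
```

Because short-lived keys expire quickly, a one-off scan can miss them; the configuration check is the more durable signal of the two.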
