The attack chain starts with scans for Redis servers exposing port 6379 to the internet; threat actors then attempt to connect and run the following Redis commands:

Attackers load the library file and execute the exploit code for the above flaw. AquaSec researchers believe that threat actors are using the Redigo malware to infect Redis servers and add them to a botnet used to launch distributed denial-of-service (DDoS) attacks, run cryptocurrency miners, or steal data from the servers. The second use of the command is done to download the newly discovered malware, Redigo, from the attacking server.
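A defender-side check for the exposure this attack chain depends on, as an added example that is not from the article or AquaSec: it audits `redis.conf` text for a listener reachable off-host without authentication. The sample configs are constructed, and mapping the library load to Redis module loading (`enable-module-command`, Redis 7+) is an assumption.

```python
import shlex

def parse_conf(text):
    """Map each redis.conf directive to its argument list (last occurrence wins)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = shlex.split(line)
            conf[parts[0].lower()] = parts[1:]
    return conf

def is_loopback(addr):
    addr = addr.lstrip("-")  # Redis 7 accepts a "-" prefix on bind addresses
    return addr.startswith("127.") or addr == "::1"

def audit(text):
    """Return finding names for settings that leave Redis open to remote clients."""
    conf = parse_conf(text)
    binds = conf.get("bind", [])
    # No bind directive means Redis listens on every interface.
    off_host = not binds or not all(is_loopback(a) for a in binds)
    # Only requirepass is checked; ACL-based auth is outside this example.
    no_auth = "".join(conf.get("requirepass", [])) == ""
    protected = "".join(conf.get("protected-mode", ["yes"])).lower() != "no"
    findings = []
    if off_host and no_auth:
        # With protected mode on, Redis refuses non-loopback clients when no
        # password is set; with it off, anyone who can reach the port can connect.
        findings.append("relies-on-protected-mode-only" if protected
                        else "open-to-network-without-auth")
    # Assumption: the "library file" load goes through Redis module loading.
    if "".join(conf.get("enable-module-command", ["no"])).lower() == "yes":
        findings.append("module-command-enabled")
    return findings

# Constructed sample configurations (not taken from any real host).
WEAK = """
port 6379
bind 0.0.0.0
protected-mode no
enable-module-command yes
"""
HARDENED = """
bind 127.0.0.1 -::1
protected-mode yes
requirepass "constructed-sample-password"
enable-module-command no
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```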

