A new trojan has been discovered in the wild, targeting Linux servers that run the Redis NoSQL database. Due to insecure configurations by sysadmins and a general lack of security in Redis, up to 30,000 Redis servers have become vulnerable to attacks. The malware turns these servers into Bitcoin miners.

This malware has recently been discovered by Russian anti-virus firm Dr. Web. Interestingly, the malware is written in Google’s Go programming language and relies on open source Go libraries hosted on GitHub.

For those who don’t know, Redis is a NoSQL database system that is used to store data in key-value format. It makes use of an in-memory system for data handling and subsequent queries.

How does Linux.Lady operate?

After the initial infection, Linux.Lady uses another trojan named Linux.Downloader.196 to download the main payload. Once installed, Linux.Lady sends basic information about the compromised system back to the C&C (command and control) server over SSH.

Here’s the information sent by the trojan:

Trojan’s version

Number of CPUs on the machine

Host’s name

Number of running processes

Name of the operating system

Family of the operating system

Host’s uptime

Based on the received information and the number of CPUs, the C&C server sends a configuration file that starts the Bitcoin mining process on the infected computer. Being self-propagating malware, Linux.Lady can also infect other computers on the network.

It’s interesting to note that while Linux.Lady targets Linux systems, it doesn’t exploit any Linux flaw. In recent times, the poor security of the Redis database has been repeatedly criticized in different security reports.

Sysadmins are advised to enable security mechanisms that add extra layers of protection. Dr. Web also recommends the use of its own anti-virus to defeat Linux.Lady.
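As an added example (not from the article or from Dr. Web), here is one way to audit a `redis.conf` for the kind of insecure configuration described above. The article does not name specific settings; checking the standard Redis directives `bind`, `protected-mode` and `requirepass` is an assumption, and both sample configurations are constructed.

```python
import ipaddress
import shlex

def parse_redis_conf(text):
    """Map each directive to the arguments of its last occurrence."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = shlex.split(line)  # handles quoted values
            conf[parts[0].lower()] = parts[1:]
    return conf

def is_loopback(addr):
    try:
        # Newer Redis releases allow a "-" prefix ("skip if unavailable").
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False  # "*" or a hostname: treat as not loopback

def audit(text):
    """Return finding codes for a redis.conf given as a string."""
    conf = parse_redis_conf(text)
    bind = conf.get("bind", [])
    wide_bind = bool(bind) and not all(is_loopback(a) for a in bind)
    no_auth = "".join(conf.get("requirepass", [])) == ""
    unprotected = (conf.get("protected-mode") or ["yes"])[0].lower() == "no"
    findings = []
    if wide_bind or not bind:  # no bind directive means all interfaces
        findings.append("LISTENS_BEYOND_LOOPBACK")
    if no_auth:
        findings.append("NO_PASSWORD")
    if unprotected:
        findings.append("PROTECTED_MODE_OFF")
    # Conservative assumption: an explicit non-loopback bind counts as exposed
    # even with protected-mode on, because older Redis releases applied
    # protected mode only when no bind directive was given.
    if no_auth and (wide_bind or (not bind and unprotected)):
        findings.append("UNAUTHENTICATED_NETWORK_ACCESS")
    return findings

# Constructed sample configurations, not taken from any real server.
WEAK = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED = ('bind 127.0.0.1 -::1\nprotected-mode yes\n'
            'requirepass "constructed-placeholder-secret"\n')

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

A password and a loopback-only bind address are only part of the picture; a host firewall in front of the Redis port is a separate layer this check does not inspect.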
