A NEW TROJAN targeting Linux servers has been detected in the wild, exploiting servers running the Redis NoSQL database to use them for bitcoin mining.
Up to 30,000 Redis servers might be vulnerable, mostly because careless systems administrators have put them online without setting a password.
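The exposure described above (a Redis instance reachable from the network with no password) can be checked from the server's own configuration. The following is an added example, not part of the original article or the Dr Web advisory: a small auditor for `redis.conf` text. The sample configurations and the finding names are constructed for illustration.

```python
import ipaddress
import shlex

def parse_directives(conf_text):
    """Return {directive: [args]} from redis.conf text, keeping the last occurrence."""
    directives = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)            # handles quoted arguments
        directives[parts[0].lower()] = parts[1:]
    return directives

def is_loopback(addr):
    addr = addr.lstrip("-")                  # newer configs allow "-::1"
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                         # "*" or a hostname: assume network-reachable

def audit(conf_text):
    """List weaknesses relevant to unauthenticated network access."""
    d = parse_directives(conf_text)
    findings = []
    if not "".join(d.get("requirepass", [])):
        findings.append("no-password")       # missing or empty requirepass
    binds = d.get("bind")
    # Conservative assumption: no bind directive means all interfaces.
    if not binds or not all(is_loopback(a) for a in binds):
        findings.append("non-loopback-bind")
    # protected-mode behaviour differs between Redis versions, so it is
    # reported when explicitly disabled but never used to clear a finding.
    if d.get("protected-mode") == ["no"]:
        findings.append("protected-mode-off")
    return findings

def exposed(conf_text):
    f = audit(conf_text)
    return "no-password" in f and "non-loopback-bind" in f

# Constructed sample configurations (not taken from any real server).
WEAK = "bind 0.0.0.0\nport 6379\nprotected-mode no\n"
HARDENED = 'bind 127.0.0.1 -::1\nprotected-mode yes\nrequirepass "constructed-long-random-secret"\n'

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf), "EXPOSED" if exposed(conf) else "ok")
```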
The Linux.Lady malware was detected by Russian antivirus software vendor Dr Web and is, intriguingly, written using Google’s Go programming language, mostly based on open source Go libraries hosted on GitHub.
The malware uses a smaller trojan called Linux.Downloader.196 to download the main payload after infection. Linux.Lady, once installed and running, sends basic information about the infected system to a command-and-control (C&C) server.
The next step in the infection process is a configuration file sent from the C&C server to start a crypto-currency mining routine for the benefit of the malware’s controllers. Linux.Lady is also self-propagating.
“This malware possesses the ability to collect information about an infected computer and send it to the C&C server, download and launch a crypto-currency mining utility, and attack other computers on the network to install its own copy on them,” said the Dr Web advisory.
Once launched, the trojan checks the system for keys and terminates itself