Firms using the popular Redis NoSQL database have been advised to double check their configurations following the discovery of a crypto-currency-mining trojan called Linux.Lady that takes advantage of poor out-of-the-box security.
Up to 30,000 Redis servers may be vulnerable, largely because careless systems administrators have put them online without setting a password, combined with a general lack of default security in Redis.
Linux.Lady was discovered by Russian antivirus software firm Dr Web and is, intriguingly, written using Google's Go programming language, relying largely on open source Go libraries hosted on GitHub.
The malware uses a more compact trojan called Linux.Downloader.196 to download the main payload after infection. Linux.Lady, once installed and running, sends basic information about the compromised system to the command-and-control (C&C) server.
The next step in the infection process is a configuration file sent from the C&C server to start the crypto-currency mining process for the benefit of the malware's controllers. Linux.Lady is also self-propagating.
"This malware possesses the ability to collect information about an infected computer and transfer it to the C&C server, download and launch a crypto-currency mining utility, and attack other computers on the network to install its own copy on them," said the Dr Web advisory.
Once launched, the trojan checks which of the following launch keys (command-line switches) it was started with and terminates itself if none is present:
- Version - display the trojan's version and terminate the session
- Install - install the trojan
- D - launch the trojan's main payload
The Redis database server exploited by the trojan has already been criticised for poor security. A Risk Based Security report in July suggested that there were more than 6,300 compromised Redis servers online.
Redis is a NoSQL database system described as "ideal for storing data in the key-value format, using an in-memory system for handling the data and subsequent queries", according to Softpedia.
The lack of security features partly accounts for the decent performance of Redis in its default configuration.
Redis stands for REmote DIctionary Server and is the product of an open source project released in April 2009. It has been sponsored by VMware and Pivotal and is therefore a popular choice.
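The exposure described above comes down to a handful of settings in redis.conf. The following audit script is an added example (not from Dr Web, Risk Based Security or the Redis project) that parses a config file and flags the out-of-the-box weaknesses the article points at, shown against a constructed weak config and its hardened counterpart; the `protected-mode` default assumed here is the Redis 3.2 one.

```python
"""Audit redis.conf for the exposure Linux.Lady relied on: no password and a
listener reachable from every interface. Sample configs are constructed."""

WEAK_CONF = """\
# constructed sample: typical out-of-the-box exposure
bind 0.0.0.0
port 6379
# requirepass foobared
"""

HARDENED_CONF = """\
# constructed sample: the same server after hardening
bind 127.0.0.1
port 6379
protected-mode yes
requirepass REPLACE_WITH_LONG_RANDOM_SECRET
rename-command CONFIG ""
"""


def parse_conf(text):
    """Return {directive: [[values...], ...]}; Redis treats only lines that
    start with '#' as comments, and a directive may repeat (rename-command)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf


def audit_redis_conf(text):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_conf(text)
    findings = []
    if "requirepass" not in conf or not conf["requirepass"][-1]:
        findings.append("no requirepass: any client that reaches the port has full access")
    binds = conf.get("bind", [[]])[-1]          # last bind line wins
    if not binds or any(b in ("0.0.0.0", "*", "::") for b in binds):
        findings.append("bind missing or wildcard: listening on every interface")
    # Assumption: absent protected-mode means the 3.2 default of 'yes'
    if conf.get("protected-mode", [["yes"]])[-1] != ["yes"]:
        findings.append("protected-mode no: Redis 3.2 safety net disabled")
    renamed = {v[0].upper() for v in conf.get("rename-command", []) if v}
    if "CONFIG" not in renamed:
        findings.append("CONFIG not renamed: remote clients can alter server settings")
    return findings
```

Run it against a real redis.conf by passing the file's contents to `audit_redis_conf`; the weak sample above yields three findings and the hardened one none.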