Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Trojan Mines For Cryptocurrency Using Misconfigured Redis Servers (softpedia.com)

Posted by BeauHD on from the system-to-system dept.

An anonymous reader writes: In another installment of "Linux has malware too," security researchers have discovered a new trojan that targets Linux servers running Redis, where the trojan installs a cryptocurrency miner. The odd fact about this trojan is that it includes a wormable feature that allows it to spread on its own. The trojan, named Linux.Lady, will look for Redis servers that don't have an admin account password, access the database, and then download itself on the new target. The trojan mines for the Monero crypto-currency, the same one used by another worm called PhotoMiner, which targets vulnerable FTP servers. According to a recent Risk Based Security report from last month, there are over 30,000 Redis servers available online without a password, of which 6,000 have already been compromised by various threat actors.

3 of 62 comments (clear)

  1. But I've thought that linux was secure by Anonymous Coward · · Score: 3, Funny

    clearly the story is a fake there is no virus for linux because linux is OPEN SORES which means its BUGS are shallow and it is FREE FROM MALWARE. Wasn't freedom from malware one of the four freedoms?

  2. Um... What Access Control? by ewhac · · Score: 5, Insightful
    The developers are fairly up-front about this:

    Redis is designed to be accessed by trusted clients inside trusted environments. This means that usually it is not a good idea to expose the Redis instance directly to the internet or, in general, to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket. [ emphasis mine ]

    There is an "authentication" feature, but it's amazingly primitive, and the credentials are sent in the clear -- in other words, next to useless. The rest of the page makes it fairly clear: If you are running a Redis server accepting connections from the open Internet, you are an idiot.

    --
    Editor, A1-AAA AmeriCaptions
  3. Clickbait by ilsaloving · · Score: 4, Insightful

    So in other words, the whole article/summary is flamebait/clickbait. Only an idiot would install a server and not configure an admin password.

    Saying that "Linux has malware!" because morons misconfigure an application running on Linux, is like saying "Windows has malware!" because SQL Server was installed with a blank sa password. I mean, sure, Windows does have malware, but this is just clickbait nonsense.