Linux.Lady the Crypto-Currency Mining Trojan Discovered


Organizations that rely on Redis, a highly sought-after NoSQL database, should re-check their configurations, security researchers advise. That's because the Linux.Lady crypto-currency Trojan, which mines digital money, has been discovered piggybacking on insufficient out-of-the-box security.

As many as 30K Redis servers may be susceptible to attack, mainly because system admins inadvertently connected them to the Internet without setting a password, and because Redis is not secured by default.
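One way to carry out the configuration re-check advised above, as an added example that is not from Dr Web or the original article: it audits the text of a `redis.conf` for the combination described here, a listener reachable beyond loopback with no password set. The finding codes, the sample configurations and the conservative handling of `protected-mode` are assumptions of this example.

```python
import ipaddress

# Constructed sample configs (not taken from any real server).
EXPOSED_CONF = "bind 0.0.0.0\nport 6379\n# requirepass foobared\n"
HARDENED_CONF = "bind 127.0.0.1 ::1\nprotected-mode yes\nrequirepass <PLACEHOLDER-SECRET>\n"

def parse_redis_conf(text):
    """Return {directive: [args]} keeping the last occurrence of each directive."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out directives have no effect
        parts = line.split()
        conf[parts[0].lower()] = [p.strip("\"'") for p in parts[1:]]
    return conf

def is_loopback(addr):
    """True only for literal loopback addresses such as 127.0.0.1 or ::1."""
    try:
        # Newer Redis releases accept a leading "-" on bind addresses.
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False  # hostnames and wildcards such as "*" count as exposed

def audit(text):
    """Return a list of finding codes for one redis.conf."""
    conf = parse_redis_conf(text)
    findings = []
    if not (conf.get("requirepass") or [""])[0]:
        findings.append("NO_PASSWORD")
    binds = conf.get("bind")
    # With no bind directive, Redis listens on all interfaces.
    if not binds or not all(is_loopback(a) for a in binds):
        findings.append("NON_LOOPBACK_LISTENER")
    # Assumption: only an explicit "protected-mode yes" counts, because
    # releases before 3.2 do not have the directive at all.
    if (conf.get("protected-mode") or ["no"])[0].lower() != "yes":
        findings.append("NO_PROTECTED_MODE")
    if len(findings) == 3:
        findings.append("OPEN_TO_NETWORK")  # the state the article warns about
    return findings

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```
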

Dr Web, the anti-virus software company based in Russia, discovered Linux.Lady. The Trojan is written in Google's Go programming language. It also depends heavily on open-source Go libraries hosted on GitHub.

Linux.Lady uses a second, more compact piece of malware known as Linux.Downloader.196, which pulls down the main payload after infection. Once planted and executed, Linux.Lady transmits basic details about the infected computer back to its C&C server.

After this, the command-and-control server sends a configuration file to the Trojan, which then begins mining crypto-currency to earn money for Linux.Lady's controllers. The Trojan also self-propagates.

Specifically, according to the advisory by Dr Web, the Linux.Lady malware is capable of gathering information about the computer it infects and transferring it to its command-and-control server. It pulls down crypto-currency mining software and executes it. Finally, it infects other PCs interconnected in a network, loading a copy of itself onto them. Theinquirer.net posted this, August 11, 2016.

Dr Web's Risk Based Security report for July indicated that over 6,300 hijacked Redis servers existed on the Internet. Also, a good 30,239 Redis servers could be found through the Shodan search engine, while a total of 6,338 installations were compromised when the version was 1.2.0.

Redis, or 'Remote Dictionary Server,' a NoSQL database system, is recognized as an ideal place to store data in the key-value model, using an in-memory system to handle data and incoming queries. It first appeared in April 2009, with Pivotal and VMware as its sponsors, which made it a popular selection among users.

» SPAMfighter News - 8/18/2016
