The HeadCrab malware, known for enlisting infected devices into a botnet used for a range of malicious activities, has reappeared in a new variant that grants root access to open source Redis servers.
According to Aqua Security researchers, the second version of this cryptomining malware has compromised 1,100 servers, while the initial variant had already compromised at least 1,200 servers.
Asaf Eitani, a security researcher with Team Nautilus, Aqua Security’s research team, clarified that while HeadCrab is not a typical rootkit, its author has given it the ability to manipulate a function and generate its own responses. In effect, this mirrors rootkit behavior: by taking control of the responses the user sees, the malware can alter them and remain undetected.
Eitani explained, “The tradition of the term rootkit is malware that has root access and controls everything, but in this sense, you are able to control what the user sees.”
The updated variant includes subtle adjustments that let the attackers better conceal their activity: the custom commands have been removed, and encryption has been added to the command and control channel, improving stealth.
A distinctive feature of HeadCrab is a “mini blog” within the malware, where the author,
[…]
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents