HeadCrab 2.0 discovered

B2B Cyber ​​Security ShortNews

Share post

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog in the code provides clues and takes swipes at the defenders.

Last year, the then new malware HeadCrab caused trouble. Cybercriminals used the cutting-edge malware, which remains undetectable by agentless and traditional antivirus solutions, to compromise Redis servers. The criminals' campaign has been active since September 2021 and by the beginning of 2023 had already compromised 1.200 servers worldwide in order to misuse them for cryptojacking. Now the security experts from Aqua's Team Nautilus discovered a new version of the HeadCrab malware with new advanced mechanisms. Nautilus' ongoing investigation shows that the issue has not really improved since it was first disclosed last year. In fact, the criminals were able to almost double the number of infected Redis servers as part of their ongoing campaign.

Insight into the mini blog

During the continuous investigation of HeadCrab, Team Nautilus experts came across an interesting component in the first version of the malware: a mini-blog. In a small text within the malware, the criminals discuss the campaign's strategies and specific references to associated events, explain their approach - and do not shy away from taking swipes at their Team Nautilus opponents. This blog has become a solid source of information about HeadCrab, providing insight directly from the attacker's perspective. In the first version of HeadCrab, discovered by Nautilus in early 2023, Aqua was mentioned in this mini-blog and linked to an earlier blog post that Nautilus had published. In this new version of the malware, the actors mention Nautilus again and address them directly with a statement: “…basically I agree: I mine cuz it almost doesn't harm human life and feelings (if done right), but its a parasitic and inefficient way of making $. In fact 80% of such systems are already mining, but this is not an excuse: ppl are motivated, and if kicked out, will mine somewhere else”.

More at Aquasec.com


About Aqua Security

Aqua Security is the largest pure cloud native security provider. Aqua gives its customers the freedom to innovate and accelerate their digital transformation. The Aqua platform provides prevention, detection, and response automation across the application lifecycle to secure the supply chain, cloud infrastructure, and ongoing workloads—regardless of where they are deployed.


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

HeadCrab 2.0 discovered

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog ➡ Read more