The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog in the code provides clues and takes swipes at the defenders.
Last year, the then new malware HeadCrab caused trouble. Cybercriminals used the cutting-edge malware, which remains undetectable by agentless and traditional antivirus solutions, to compromise Redis servers. The criminals' campaign has been active since September 2021 and by the beginning of 2023 had already compromised 1.200 servers worldwide in order to misuse them for cryptojacking. Now the security experts from Aqua's Team Nautilus discovered a new version of the HeadCrab malware with new advanced mechanisms. Nautilus' ongoing investigation shows that the issue has not really improved since it was first disclosed last year. In fact, the criminals were able to almost double the number of infected Redis servers as part of their ongoing campaign.
Insight into the mini blog
During the continuous investigation of HeadCrab, Team Nautilus experts came across an interesting component in the first version of the malware: a mini-blog. In a small text within the malware, the criminals discuss the campaign's strategies and specific references to associated events, explain their approach - and do not shy away from taking swipes at their Team Nautilus opponents. This blog has become a solid source of information about HeadCrab, providing insight directly from the attacker's perspective. In the first version of HeadCrab, discovered by Nautilus in early 2023, Aqua was mentioned in this mini-blog and linked to an earlier blog post that Nautilus had published. In this new version of the malware, the actors mention Nautilus again and address them directly with a statement: “…basically I agree: I mine cuz it almost doesn't harm human life and feelings (if done right), but its a parasitic and inefficient way of making $. In fact 80% of such systems are already mining, but this is not an excuse: ppl are motivated, and if kicked out, will mine somewhere else”.
More at Aquasec.com
About Aqua Security Aqua Security is the largest pure cloud native security provider. Aqua gives its customers the freedom to innovate and accelerate their digital transformation. The Aqua platform provides prevention, detection, and response automation across the application lifecycle to secure the supply chain, cloud infrastructure, and ongoing workloads—regardless of where they are deployed.
Matching articles on the topic