{"id":214397,"date":"2025-05-21T05:18:40","date_gmt":"2025-05-21T10:18:40","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/05\/go-based-malware-deploys-xmrig-miner-on-linux-hosts-via-redis-configuration-abuse"},"modified":"2025-05-21T05:18:40","modified_gmt":"2025-05-21T10:18:40","slug":"go-based-malware-deploys-xmrig-miner-on-linux-hosts-via-redis-configuration-abuse","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/05\/go-based-malware-deploys-xmrig-miner-on-linux-hosts-via-redis-configuration-abuse","title":{"rendered":"Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/go-based-malware-deploys-xmrig-miner-on-linux-hosts-via-redis-configuration-abuse2.jpg\"><\/a><\/p>\n<p>Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that\u2019s targeting publicly accessible Redis servers.<\/p>\n<p>The malicious activity has been codenamed <b>RedisRaider <\/b>by Datadog Security Labs.<\/p>\n<p>\u201cRedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems,\u201d security researchers Matt Muir and Frederic Baguelin <a href=\"https:\/\/securitylabs.datadoghq.com\/articles\/redisraider-weaponizing-misconfigured-redis\/\" rel=\"noopener\" target=\"_blank\">said<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that\u2019s targeting publicly accessible Redis servers. The malicious activity has been codenamed RedisRaider by Datadog Security Labs. \u201cRedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems,\u201d security researchers Matt Muir [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1878,8],"tags":[],"class_list":["post-214397","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-employment","category-space"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/214397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=214397"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/214397\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=214397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=214397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=214397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}