A new and dangerous computer virus has been targeting Linux servers, its goal: to turn computer servers into Bitcoin miners. The attack is aimed at environments running the Redis NoSQL database, the virus is also able to probe the network interfaces of its hosts to propagate itself.
Approximately more than 30,000 servers running the Redis database are in danger due to the lack of an access password. The virus is named “Linux.Lady” and it was discovered first by the Russian IT-security solutions vendor Dr. Web. The company released a report on the virus, classifying it into the Trojan subcategory.
Linux.Lady is written in the google’s programming language Go, Dr. Web warned that the virus is self-propagating, which makes it highly infectious. Although Linux.Lady isn’t the only virus written in Go, the programming language is not often used to design malware.
The Trojan uses a submodule called Linux.Downloader-196 to download its most critical –and dangerous– components from the internet. Once installed, the program collects and sends information about its host to the virus’s Command and Control Center (C&C), after that, the C&C will send a configuration file to the infected machine to begin the Bitcoin mining process.
Redis database systems have been heavily criticized before for its inadequate security measures against this types of attacks. The main point being that Redis administrators have the option to leave the password field blank. A report made by Risk Based Security firm found that more than 6,300 Redis servers were exposed –they didn’t have a password setting in place–.