
'HeadCrab' Malware Variants Commandeer Thousands of Servers


Jasper_The_Rasper
Moderator

New techniques in a second variant of the malware improved functionality and communication commands.

 

December 7, 2023 By Dan Raywood

 

BLACK HAT EUROPE 2023 — London — The HeadCrab malware, which adds infected devices to a botnet for use in cryptomining and other attacks, has resurfaced with a shiny new variant that allows root access to Redis open source servers.

Researchers from Aqua Security said the second variant of the cryptomining malware has infected 1,100 servers; the first variant had already infected at least 1,200 servers.

The Root to Redis?

Security researcher Asaf Eitani, who is part of Team Nautilus, Aqua Security's research team, tells Dark Reading that while HeadCrab is not a traditional rootkit, the creator of the malware has added the ability for it to control a function and send a response.

"Basically, that's a rootkit behavior in the sense that he controls all the responses for those places," Eitani says. "So he can just modify the response and become invisible."

 

>> Full Article <<
