An unknown group of hackers is using a novel strain of malware to attack publicly accessible deployments of Redis — a popular data storage tool used by major companies like Amazon, Hulu and Tinder.
Researchers from Cado Security Labs explained that what stood out most was the fact that the malware appears to be a worm — a subset of malware that can propagate or self-replicate from one computer to another without human activation after breaching a system.
The researchers said they recently encountered the malware, which they labeled “P2Pinfect,” and were alarmed at its ability to self-propagate to other vulnerable Redis deployments. The report does not name specific victims of the malware, and Cado Security said it is unclear what the botnet's purpose is.
The hacking campaign was initially analyzed by Palo Alto’s Unit 42 in a report on July 19, which found the malware exploiting CVE-2022-0543 to take over Redis applications and add them to a botnet — a group of computers that have been infected in a way that allows a hacker to control them all.