Redigo is malware that exploits vulnerabilities in Redis servers, specifically CVE-2022-0543. It can infiltrate systems through suspicious downloads, emails, or websites and, once inside, it can steal personal information, disrupt operations, or hold data for ransom. In recent attacks, Redigo, along with another malware called Muhstik, compromised Redis instances, leading to denial-of-service (DoS), flooding, and brute-forcing attacks against other systems.
CVE-2022-0543 has been repeatedly exploited in previous attacks on Redis servers by both the Muhstik and Redigo botnets. Last year, threat actors used this vulnerability to incorporate cloud instances into these botnets, which were then used to run DoS and brute-force attacks against various systems. This pattern of exploitation has established Redigo as a significant threat to Redis servers, following other malware such as HeadCrab that has targeted these servers in recent months.
In response to these threats, patches for CVE-2022-0543, the vulnerability exploited in the Muhstik and Redigo attacks, were released in April 2022. Despite these protective measures, the continued exploitation of this vulnerability by malicious actors underscores the need for constant vigilance and timely patching of known vulnerabilities to safeguard systems from such malware.
Description last updated: 2024-01-06T06:54:33.105Z