a Trojan horse to mine cryptocurrency

Spotted and analyzed by Doctor Web, Linux.Lady.1 is a Trojan horse for Linux written in the Go programming language developed by Google, which is quite rare. It is based on software libraries available on GitHub.

It can collect information about an infected computer (operating system, number of processors, running processes, etc.) and send it to a command and control server. In return it obtains a configuration file that allows it to deploy a cryptocurrency mining utility. The Trojan transfers the mined currency to an electronic wallet.

The infection does not rely on exploiting a vulnerability in Linux itself but on a misconfiguration: specifically, the absence of a password for connections to the Redis remote dictionary server used for data storage (NoSQL).

Doctor Web adds that Linux.Lady.1 can attack other machines on the network by copying itself to them. System administrators, particularly those running Redis servers, should therefore take this alert into consideration.
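
For administrators who want to check their own servers for the passwordless Redis configuration described above, here is an added example (not from Doctor Web or the original article) that audits the text of a `redis.conf` file. It goes slightly beyond the article by also looking at the `bind` directive to rate exposure. It assumes `requirepass` is the only authentication control in use (it does not model Redis ACL users or `protected-mode`), and the sample configurations are constructed.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_redis_conf(text):
    """Parse redis.conf text into {directive: [arguments]}."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # commented-out directives do not count
            continue
        parts = shlex.split(line)              # handles quoted values such as ""
        conf[parts[0].lower()] = parts[1:]     # assumption of this sketch: last occurrence wins
    return conf

def audit_redis_conf(text):
    """Return (severity, reason) for the passwordless-Redis misconfiguration."""
    conf = parse_redis_conf(text)
    password = conf.get("requirepass", [])
    if password and password[0]:
        return ("ok", "requirepass is set")
    # Without a bind directive Redis listens on every interface.
    # A leading "-" on an address only means "ignore if unavailable".
    addrs = [a.lstrip("-") for a in conf.get("bind", [])]
    exposed = not addrs or any(a not in LOOPBACK for a in addrs)
    if exposed:
        return ("high", "no password and listening beyond loopback")
    return ("medium", "no password, loopback only")

# Constructed sample configurations (not taken from any real host).
SAMPLES = {
    "open": "port 6379\n# requirepass s3cret\nbind 0.0.0.0\n",
    "empty_quoted": 'bind 127.0.0.1 -::1\nrequirepass ""\n',
    "no_bind": "port 6379\n",
    "hardened": 'bind 127.0.0.1\nrequirepass "constructed-long-passphrase"\n',
}

def audit_all(samples=SAMPLES):
    """Map each sample name to its severity."""
    return {name: audit_redis_conf(text)[0] for name, text in samples.items()}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_redis_conf(text))
```

A commented-out `requirepass` line and an empty quoted value both count as "no password", which is the case a quick `grep requirepass` tends to miss.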