Threat actors have been targeting poorly secured Redis servers with a new, sophisticated SkidMap malware variant that could compromise various Linux distributions, including Alibaba, Red Hat, Stream, Anolis, and openEuler, according to The Hacker News. Vulnerable Redis servers are being compromised with a dropper shell script that facilitates the deployment of an ELF binary masquerading as a GIF file, which then adds SSH keys to a root file, deactivates SELinux, and downloads a proper package, a Trustwave report showed.
Source: SC Magazine