RedisRaider: Weaponizing misconfigured Redis to mine cryptocurrency at scale
ID: c8ec2c26-b992-5271-9291-a0ae7eb5071d
STIX ID: report--c8ec2c26-b992-5271-9291-a0ae7eb5071d
Feed Name: Datadog Security Labs
Datadog Security Research describes RedisRaider, a Go-based cryptojacking worm that aggressively scans the IPv4 space for exposed Redis instances, exploits misconfigured/unauthenticated servers by writing short-TTL Redis keys and using CONFIG/BGSAVE to place cron jobs in /etc/cron.d, then downloads and unpacks a packed XMRig miner (and also hosts an in-browser Monero miner). The report includes technical analysis of the dropper and unpacking routines, obfuscation techniques (Garble and custom packing), runtime behaviors, example commands and logs, IOCs (domain, IP, payload URLs, and SHA-256 hashes), and mitigation recommendations for defenders.
