Redis safe mode introduced in 3.2 reduced the problem but still folks actively misconfigure Redis before putting it in a public IP... Now there are ACLs in Redis 6 that will mitigate this even more, but it's a lost game, because images are created with installations of Redis that are made completely accessible on purpose.
This happened to me, but it's because our sysadmin left a firewall port open to the whole world without setting a password on redis, which allowed a random drive by port scan to inject a LUA script. They couldn't escalate privileges, only run the miner and make the server mostly unresponsive.
