Security News > 2023 > December > Stealthier version of P2Pinfect malware targets MIPS devices
The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS processors, such as routers and IoT devices.
P2Pinfect was discovered in July 2023 by Palo Alto Networks analysts as a new Rust-based worm that targets Redis servers vulnerable to CVE-2022-0543.
Following its initial discovery, Cado Security analysts who examined P2Pinfect reported that it was abusing the Redis replication feature to spread, creating replicas of the infected instance.
Later, in September, Cado warned about spiking P2Pinfect botnet activity targeting systems in the United States, Germany, the UK, Japan, Singapore, Hong Kong, and China.
The latest attacks observed on Cado's honeypots scan for SSH servers that use weak credentials and attempt to upload the MIPS binary via SFTP and SCP. Interestingly, propagation for the MIPS variant isn't restricted to SSH, as the researchers spotted attempts to run the Redis server on MIPS devices through an OpenWRT package named 'redis-server.
During static analysis, Cado researchers found that the new P2Pinfect is a 32-bit ELF binary with no debug information and an embedded 64-bit Windows DLL, which acts as a loadable module for Redis to enable shell command execution on the host.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-18 | CVE-2022-0543 | Missing Authorization vulnerability in Redis It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | 10.0 |