
Stealthier version of P2Pinfect malware targets MIPS devices
2023-12-04 21:10

The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS processors, such as routers and IoT devices.

P2Pinfect was discovered in July 2023 by Palo Alto Networks analysts as a new Rust-based worm that targets Redis servers vulnerable to CVE-2022-0543.

Following its initial discovery, Cado Security analysts who examined P2Pinfect reported that it was abusing the Redis replication feature to spread, creating replicas of the infected instance.

Later, in September, Cado warned about spiking P2Pinfect botnet activity targeting systems in the United States, Germany, the UK, Japan, Singapore, Hong Kong, and China.

The latest attacks observed on Cado's honeypots scan for SSH servers that use weak credentials and attempt to upload the MIPS binary via SFTP and SCP. Interestingly, propagation for the MIPS variant isn't restricted to SSH, as the researchers spotted attempts to run the Redis server on MIPS devices through an OpenWRT package named 'redis-server'.

During static analysis, Cado researchers found that the new P2Pinfect is a 32-bit ELF binary with no debug information and an embedded 64-bit Windows DLL, which acts as a loadable module for Redis to enable shell command execution on the host.
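
A triage check for the traits reported above, as an added example that is not from the article or from Cado's analysis: it reads the ELF header to confirm a 32-bit MIPS target and scans the file for an embedded PE image flagged as an x64 DLL. The function names and the sample bytes are constructed for illustration.

```python
import struct

EM_MIPS = 8                 # e_machine value for MIPS in the ELF specification
PE_MACHINE_AMD64 = 0x8664   # COFF Machine value for x64
IMAGE_FILE_DLL = 0x2000     # COFF Characteristics flag: image is a DLL

def parse_elf_header(data):
    """Return (bits, machine) for an ELF image, or None if it is not valid ELF."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    bits = {1: 32, 2: 64}.get(data[4])        # EI_CLASS
    endian = {1: "<", 2: ">"}.get(data[5])    # EI_DATA
    if bits is None or endian is None:
        return None
    (machine,) = struct.unpack_from(endian + "H", data, 18)  # e_machine
    return bits, machine

def find_embedded_pe(data):
    """Return [(offset, machine, is_dll)] for every validated PE image in data."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe = pos + e_lfanew
            # A bare "MZ" is common noise; require the PE signature as well.
            if pe + 24 <= len(data) and data[pe:pe + 4] == b"PE\0\0":
                (machine,) = struct.unpack_from("<H", data, pe + 4)
                (flags,) = struct.unpack_from("<H", data, pe + 22)
                hits.append((pos, machine, bool(flags & IMAGE_FILE_DLL)))
        pos = data.find(b"MZ", pos + 1)
    return hits

def triage(data):
    """Report the two traits from the article; None when the input is not ELF."""
    hdr = parse_elf_header(data)
    if hdr is None:
        return None
    bits, machine = hdr
    pes = find_embedded_pe(data)
    return {"elf32_mips": bits == 32 and machine == EM_MIPS,
            "embedded_pe": pes,
            "has_x64_dll": any(m == PE_MACHINE_AMD64 and d for _, m, d in pes)}

def constructed_sample():
    """Constructed bytes, not a real sample: ELF32 MIPS header plus a PE stub."""
    elf = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9) + struct.pack("<HH", 2, EM_MIPS)
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", PE_MACHINE_AMD64, 0, 0, 0, 0, 0xF0, 0x2022)
    return elf + bytes(132) + dos + coff
```

An ELF file for one architecture that carries a PE image for another is unusual on an embedded device and is worth escalating on its own, whatever the family.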


News URL

https://www.bleepingcomputer.com/news/security/stealthier-version-of-p2pinfect-malware-targets-mips-devices/

Related Vulnerability

Date: 2022-02-18
CVE: CVE-2022-0543
Vulnerability title: Missing Authorization vulnerability in Redis
Description: It was discovered that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
Attack vector: network
Attack complexity: low
Product / CWE: redis, CWE-862
Risk: critical (10.0)