New P2PInfect bot targets routers and IoT devices
New P2PInfect bot targets routers and IoT devices
December 04, 2023
Cybersecurity researchers discovered a new variant of the P2PInfect botnet that targets routers and IoT devices.
Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. This variant has been compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture.
The new bot supports updated evasion mechanisms, can avoid execution in a Virtual Machine (VM) and a debugger and supports anti-forensics on Linux hosts.
In July 2023, Palo Alto Networks Unit 42 researchers first discovered the P2P worm P2PInfect that targets Redis servers running on both Linux and Windows systems. The capability to target Redis servers running on both Linux and Windows operating systems makes P2PInfect more scalable and potent than other worms.
The worm is written in the Rust programming language, it targets Redis instances by exploiting the Lua sandbox escape vulnerability CVE-2022-0543 (CVSS score 10.0).
In September, Cado Security Labs reported to have witnessed a 600x increase in P2Pinfect traffic since August 28th. According to the researchers, traffic experienced a 12.3% surge during the week leading up to the publication of their analysis.
P2Pinfect infections have been reported in China, the United States, Germany, the United Kingdom, Singapore, Hong Kong and Japan.
Experts linked the surge in botnet traffic with the growing number of variants detected in the wild, a circumstance that suggests that the authors are actively improving their bot.
“Cado Security Labs researchers have since encountered a new variant of the malware, specifically targeting embedded devices based on 32-bit MIPS processors, and attempting to bruteforce SSH access to these devices.” reads the report published by Cado Security. “It’s highly likely that by targeting MIPS, the P2Pinfect developers intend to infect routers and IoT devices with the malware. Use of MIPS processors is common for embedded devices and the architecture has been previously targeted by botnet malware, including high-profile…
