December 4, 2023 at 06:54AM
Cybersecurity experts have uncovered a new version of the P2PInfect botnet targeting routers and IoT devices, now compiled to infect devices built on the MIPS architecture. First identified in 2023 exploiting a critical Redis vulnerability, P2PInfect has since gained evasion tactics and a Windows DLL module, indicating a sophisticated threat actor behind its development.
Meeting Takeaways:
1. A new variant of the P2PInfect botnet has been discovered by cybersecurity researchers targeting routers and IoT devices.
2. This variant is compiled for MIPS architecture, which allows it to affect a broader range of devices.
3. The malware is built in Rust and was first disclosed in July 2023, targeting unpatched Redis instances through a critical Lua sandbox escape vulnerability (CVE-2022-0543).
7. Spikes in P2PInfect activity correlate with the release of new variants that incorporate improved evasion and anti-analysis techniques.
5. The MIPS variant carries out SSH brute-force attacks using common login credentials and can also target Redis servers on OpenWrt platforms.
6. Evasion methods include the ability to detect analysis and self-terminate, and to disable Linux core dumps.
7. An embedded 64-bit Windows DLL module for Redis enables the execution of commands on compromised systems.
8. The botnet's sophistication and rapid growth suggest it is operated by an advanced threat actor.
9. It is advisable to stay informed on cybersecurity threats by following relevant posts on Twitter and LinkedIn.