P2PInfect Botnet Adapts to Target MIPS-Based Devices, Posing Risks to Routers and IoT

Dec 5, 2023 | News


Cybersecurity researchers at Cado Security Labs have uncovered a new variant of the P2PInfect botnet. This variant, compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture, is engineered to target routers, IoT devices, and other embedded systems. The bot exhibits advanced evasion mechanisms, including checks that detect and avoid execution inside virtual machines (VMs) and debuggers. Additionally, it supports anti-forensics on Linux hosts, making it a potent and elusive threat.

P2PInfect initially gained attention in July 2023 when Palo Alto Networks Unit 42 researchers discovered its P2P worm targeting Redis servers on both Linux and Windows systems. Written in the Rust programming language, the worm exploits the Lua sandbox escape vulnerability CVE-2022-0543, and its implementation gives it enhanced scalability and potency.

Cado Security Labs reported a staggering 600x increase in P2PInfect traffic since late August, with a notable 12.3% surge in the week leading up to the publication of their analysis. Infections have been identified in several countries, including China, the United States, Germany, the United Kingdom, Singapore, Hong Kong, and Japan.


This new variant specifically focuses on embedded devices equipped with 32-bit MIPS processors. The choice of targeting MIPS suggests an intention to infect routers and IoT devices, as these processors are commonly employed in embedded systems. The malware employs SSH brute-forcing as a primary method of propagation, coupled with attempts to target Redis servers.

Notably, the bot attempts to disable Linux core dumps as part of its evasion strategy, aiming to avoid detection and impede forensic investigations. The 64-bit Windows DLL incorporated in the MIPS variant acts as a loader for Redis, allowing the execution of shell commands on compromised hosts.
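The article does not say how the bot disables core dumps, so the following assumes the common route of lowering the process's RLIMIT_CORE to zero. As an added defender-side example (not code from Cado Security or the article), this Python script walks /proc on a Linux host and flags processes whose core-dump limit has been hard-disabled; the /proc/<pid>/limits row format is the real one, while the sample rows are constructed for offline use.

```python
import os
import re
from typing import List, Optional, Tuple

# The "Max core file size" row of /proc/<pid>/limits (real Linux format:
# name, soft limit, hard limit, units, separated by runs of spaces).
CORE_ROW = re.compile(r"^Max core file size\s+(\S+)\s+(\S+)")

def core_dump_state(limits_text: str) -> Optional[str]:
    """Classify one /proc/<pid>/limits dump: 'hard-disabled' (soft and hard
    both 0, cannot be raised again), 'soft-disabled' (soft 0, hard raisable,
    the default on many distros), 'enabled', or None if the row is absent."""
    for line in limits_text.splitlines():
        m = CORE_ROW.match(line)
        if not m:
            continue
        soft, hard = m.groups()
        if soft == "0" and hard == "0":
            return "hard-disabled"
        return "soft-disabled" if soft == "0" else "enabled"
    return None

def scan_proc(proc_root: str = "/proc") -> List[Tuple[int, str]]:
    """Return (pid, comm) for live processes that hard-disabled core dumps.
    A hard limit of 0 is unusual because distro defaults leave it unlimited,
    so treat a hit as a triage lead, not as proof of compromise."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(f"{proc_root}/{entry}/limits") as f:
                state = core_dump_state(f.read())
            with open(f"{proc_root}/{entry}/comm") as f:
                comm = f.read().strip()
        except OSError:
            continue  # process exited or is not readable by this user
        if state == "hard-disabled":
            hits.append((int(entry), comm))
    return hits

def sample_limits(soft: str, hard: str) -> str:
    """Constructed /proc/<pid>/limits text for offline testing (not real data)."""
    return ("Limit                     Soft Limit           Hard Limit           Units\n"
            "Max cpu time              unlimited            unlimited            seconds\n"
            f"Max core file size        {soft:<20} {hard:<20} bytes\n")

if __name__ == "__main__":
    for pid, comm in scan_proc():
        print(f"pid {pid} ({comm}): core dumps hard-disabled")
```

Run it as root during incident triage and compare the hits against the process list; an unfamiliar binary with a hard core limit of 0 is worth a closer look.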

[Image: P2PInfect botnet]
Cado Security emphasized the sophisticated nature of P2PInfect’s evolution, noting its cross-platform targeting and diverse evasion techniques. The botnet’s continuous refinement suggests the work of a determined and sophisticated threat actor, raising concerns about its potential impact on a global scale.

Source: securityaffairs.com