Cybersecurity researchers from Cado Security Labs have identified a new variant of the P2Pinfect botnet, designed to target routers, IoT devices, and embedded systems. This strain, compiled for the MIPS architecture, demonstrates advanced evasion techniques, including anti-virtual machine measures and anti-debugger support on Linux. The researchers noted a significant uptick in P2Pinfect traffic, experiencing a 600-fold increase since late August. This growth is attributed to the botnet’s continuous development and the deployment of various variants in the wild. The P2Pinfect botnet, initially discovered in July 2023, leverages the Rust programming language and exploits the Lua sandbox escape vulnerability (CVE-2022-0543) to target Redis servers on Linux and Windows systems. The latest variant, however, specifically targets devices with 32-bit MIPS processors.
The researchers believe the intent is to infect routers and IoT devices, common applications of the MIPS architecture. The botnet likely spreads through SSH brute-forcing and Redis server exploitation, adapting its tactics for diverse targets. Cado Security Labs reported a surge in P2Pinfect traffic, particularly in the weeks leading up to their analysis, showcasing the botnet’s active development and deployment of new variants. The ability to target embedded devices with 32-bit MIPS processors underscores the botnet’s flexibility and sophistication. The evolving threat landscape poses challenges for defenders, as the botnet continues to adapt and broaden its scope, making it a dynamic and persistent cybersecurity concern. The P2Pinfect botnet’s continuous evolution, cross-platform targeting, and the use of advanced evasion techniques point to a determined and sophisticated threat actor.
As the botnet’s operators refine their strategies, the potential for further growth and impact remains a significant concern. The latest variant’s focus on routers and IoT devices highlights the adaptability of the botnet, presenting an ongoing challenge for cybersecurity professionals striving to counter its multifaceted and evolving tactics.
Reference:
