Security researchers discovered a new self-spreading, peer-to-peer malware called P2PInfect earlier this month. The worm targets Redis instances running on Internet-exposed Linux and Windows systems.
The researchers who identified the Rust-based worm found that it breaks into Redis servers by exploiting CVE-2022-0543, a Lua sandbox escape flaw. The flaw is specific to Debian- and Ubuntu-packaged builds of Redis, where a Lua script can reach the `package` library and use it to call into the host.
Over 307,000 Internet-exposed Redis servers were observed communicating publicly in the last two weeks; of those, only 934 appear to be vulnerable to the new malware. Operators of the remaining servers should not lower their guard, since the worm will still try to target and compromise them.
The researchers said they caught multiple samples in their HoneyCloud platform across several geographic regions, and on that basis they expect the number of P2P nodes to keep growing quickly.
That large population of publicly reachable Redis instances is what gives the worm its attack surface, and it has already compromised several Redis honeypots in different regions.
However, the researchers could not estimate how many nodes the malicious network currently contains or how fast it is growing.
P2PInfect gains remote code execution by exploiting the flaw.
Successful exploitation of CVE-2022-0543 gives P2PInfect remote code execution on the target. The worm then drops an initial payload that establishes a peer-to-peer communication channel to the larger P2P network of infected hosts.
Once connected to the P2P network of other compromised devices, the worm downloads additional malicious binaries, including scanning tools used to find other exposed Redis servers and propagate automatically.
The researchers believe the operators chose CVE-2022-0543 because it enables more effective propagation in cloud container environments.
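To make the precondition concrete, here is an added example, not code from the original report or from the researchers, of a read-only probe a defender can point at their own Redis instances. It speaks the Redis wire protocol (RESP) directly so the logic is visible, runs a Lua script that only asks whether the `package` global is reachable, and classifies the reply. The heuristic is an assumption to validate against a known-vulnerable build: a correctly sandboxed Redis raises an error on access to the undefined global `package`, while a build that exposes the `package` library (the condition behind CVE-2022-0543) returns it. The host, port and timeout values are placeholders.

```python
"""Read-only probe for the CVE-2022-0543 sandbox condition on a Redis instance.
Added example: hand-rolled RESP client plus a Lua script that only inspects
the Lua environment. It does not load libraries or execute anything on the host."""
import socket


class RedisError(Exception):
    """Carries a '-ERR ...' style reply so callers can inspect the error text."""


def resp_encode(*args: str) -> bytes:
    """Encode a command as a RESP array of bulk strings (the Redis wire format)."""
    parts = [f"*{len(args)}\r\n".encode()]
    for arg in args:
        raw = arg.encode()
        parts.append(f"${len(raw)}\r\n".encode() + raw + b"\r\n")
    return b"".join(parts)


def resp_decode(buf: bytes):
    """Decode one RESP2 reply; returns (value, unconsumed_bytes).
    Handles +simple string, -error, :integer, $bulk string and *array."""
    kind, body = buf[:1], buf[1:]
    line, _, rest = body.partition(b"\r\n")
    if kind == b"+":
        return line.decode(), rest
    if kind == b"-":
        return RedisError(line.decode()), rest
    if kind == b":":
        return int(line), rest
    if kind == b"$":
        length = int(line)
        if length == -1:  # null bulk string
            return None, rest
        return rest[:length].decode(), rest[length + 2:]
    if kind == b"*":
        items = []
        for _ in range(int(line)):
            item, rest = resp_decode(rest)
            items.append(item)
        return items, rest
    raise ValueError(f"unknown RESP type prefix {kind!r}")


# Assumption: a sandboxed Redis errors on access to the undefined global
# 'package', so pcall fails; a build exposing 'package' (the loadlib escape
# precondition) returns the table. Nothing here touches the host OS.
LUA_PROBE = (
    "local ok, pkg = pcall(function() return package end) "
    "if ok and pkg ~= nil then return 'package-exposed' end "
    "return 'sandboxed'"
)


def classify(reply) -> str:
    """Map the EVAL reply to the finding a scanner would report."""
    if isinstance(reply, RedisError):
        msg = str(reply)
        if msg.startswith("NOAUTH"):
            return "auth-required"
        if msg.startswith("DENIED"):
            return "protected-mode"
        if msg.startswith("NOPERM") or "unknown command" in msg.lower():
            return "eval-unavailable"  # EVAL disabled via ACL or rename-command
        return "error: " + msg
    if reply == "package-exposed":
        return "likely-vulnerable (Lua 'package' reachable)"
    if reply == "sandboxed":
        return "sandboxed"
    return f"unexpected reply: {reply!r}"


def probe(host: str, port: int = 6379, timeout: float = 3.0) -> str:
    """Connect, run the read-only Lua probe and classify the result.
    The reply is short, so a single recv() is enough here."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(resp_encode("EVAL", LUA_PROBE, "0"))
        reply, _ = resp_decode(sock.recv(4096))
    return classify(reply)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # placeholder host
    print(target, "->", probe(target))
```

Run it only against hosts you own. A result of `auth-required`, `protected-mode` or `eval-unavailable` means the instance is not reachable the way the worm needs; `likely-vulnerable` means the Lua environment is not sandboxed as upstream intends and the package should be updated regardless of whether the script could have gone further.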
A separate researcher assessed that the P2PInfect campaign is the initial stage of a more sophisticated operation that will leverage this P2P C2 network. Experts advise organisations running Redis to harden those deployments, since many threat actors are targeting these servers.
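What "harden those deployments" means in practice can be expressed as a check over redis.conf. The following is an added example, not code from the original article or from the Redis project: it parses a configuration file and flags the settings that leave an instance exposed to this kind of worm (listening on all interfaces, protected mode off, no authentication, scripting still reachable). Both configuration samples are constructed for the example, and the rule that a missing `bind` directive means all interfaces reflects the compiled-in default rather than the shipped redis.conf, which is an assumption to confirm against your Redis version.

```python
"""Audit redis.conf for the exposure conditions an Internet-scanning worm relies on.
Added example; the two configuration texts below are constructed samples."""

WEAK_CONF = """\
# constructed sample: settings that leave Redis reachable by anyone
bind 0.0.0.0
protected-mode no
port 6379
# requirepass left unset
"""

HARDENED_CONF = """\
# constructed sample: loopback only, protected mode, auth, scripting disabled
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass example-long-random-secret
rename-command EVAL ""
rename-command EVALSHA ""
rename-command CONFIG ""
"""


def parse_conf(text: str) -> dict:
    """Parse redis.conf into {directive: [[args...], ...]}.
    Directives may repeat (rename-command, user), so every value is a list of arg lists."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        conf.setdefault(name.lower(), []).append(args)
    return conf


def audit(text: str) -> list:
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    conf = parse_conf(text)
    findings = []

    # Assumption: with no bind directive the server listens on all interfaces.
    binds = conf.get("bind", [["0.0.0.0"]])[-1]
    if any(addr.lstrip("-") in ("0.0.0.0", "*", "::") for addr in binds):
        findings.append("bind: listens on all interfaces; bind to loopback or a private address")

    if conf.get("protected-mode", [["yes"]])[-1][0].lower() != "yes":
        findings.append("protected-mode: disabled; unauthenticated remote clients can reach the instance")

    users = conf.get("user", [])
    if "requirepass" not in conf and not users:
        findings.append("requirepass: no password and no ACL users; anyone who can connect can run EVAL")
    elif any("nopass" in args for args in users):
        findings.append("user: an ACL user is configured with nopass")

    # rename-command <CMD> "" removes the command entirely.
    renamed = {
        args[0].upper()
        for args in conf.get("rename-command", [])
        if len(args) == 2 and args[1] in ('""', "''")
    }
    for cmd in ("EVAL", "EVALSHA"):
        if cmd not in renamed:
            findings.append(f"{cmd}: still reachable; disable scripting with rename-command if it is not needed")
    return findings


if __name__ == "__main__":
    for label, conf_text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, "->", audit(conf_text) or ["no findings"])
```

Disabling EVAL is the coarse option; on Redis 6 and later, ACL rules that deny the `@scripting` category to the application user achieve the same for the worm's entry point while keeping scripting for trusted users. None of this replaces updating the package that carries the CVE-2022-0543 fix.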