P2PInfect malware variant targets IoT devices

Ryan Daws is a senior editor at TechForge Media with over a decade of experience in crafting compelling narratives and making complex topics accessible. His articles and interviews with industry leaders have earned him recognition as a key influencer by organisations like Onalytica. Under his leadership, publications have been praised by analyst firms such as Forrester for their excellence and performance. Connect with him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)

Cybersecurity researchers from Cado Security Labs have uncovered a novel variant of the P2PInfect botnet that poses a heightened risk by targeting IoT devices.

The latest P2PInfect variant – compiled for Microprocessor without Interlocked Pipelined Stages (MIPS) architecture – signifies an expansion of the malware’s capabilities, potentially paving the way for widespread infections.

Security researcher Matt Muir highlighted the significance of targeting MIPS, suggesting a deliberate effort by P2PInfect developers to compromise routers and IoT devices.

The P2PInfect malware, initially disclosed in July 2023, is Rust-based and gained notoriety for exploiting a critical Lua sandbox escape vulnerability (CVE-2022-0543, CVSS score: 10.0) to infiltrate unpatched Redis instances.

The latest artefacts are designed to conduct SSH brute-force attacks on devices equipped with 32-bit MIPS processors, employing updated evasion and anti-analysis techniques to remain undetected.

The brute-force attempts against SSH servers involve the use of common username and password pairs embedded within the ELF binary itself. Both SSH and Redis servers are suspected to serve as propagation vectors for the MIPS variant, given the ability to run a Redis server on MIPS using the OpenWrt package known as redis-server.

The malware’s evasion techniques include self-termination when under analysis and an effort to disable Linux core dumps, files generated by the kernel after an unexpected process crash. The MIPS variant incorporates an embedded 64-bit Windows DLL module for Redis that enables the execution of shell commands on compromised systems.

Cado Security emphasises the significance of these developments, stating that the widening scope for P2PInfect – coupled with advanced evasion techniques and the use of Rust for cross-platform development – indicates the involvement of a sophisticated threat actor.

(Photo by George Pagan III on Unsplash)

See also: IoT Tech Expo: How emerging technologies are modernising financial institutions

Want to learn about the IoT from industry leaders? Check out IoT Tech Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with Cyber Security & Cloud Expo.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: , , , , , , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *