Cado Security will publish a new blog revealing that Cado Security Labs has discovered a novel malware campaign.
Cado Security Labs researchers recently encountered a novel malware campaign targeting publicly-accessible deployments of the Redis data store. The malware, named “P2Pinfect” by the developer, is written in Rust and acts as a botnet agent. The sample analyzed by Cado researchers includes an embedded Portable Executable and an additional ELF executable, suggesting cross-platform compatibility between Windows and Linux.
In the time between encountering P2Pinfect and publishing this blog, Unit42 researchers also published an in-depth analysis of the Windows variant of the malware. According to their findings, the variant they encountered was delivered via exploitation of CVE-2022-0543, an LUA sandbox escape vulnerability present in specific versions of Redis. Cado researchers witnessed a different initial access vector, which will be detailed further in this blog. Which you can read here.
Like this:
Like Loading...
Related
This entry was posted on July 31, 2023 at 9:00 am and is filed under Commentary with tags Cado Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Researchers Discover Novel P2Pinfect Malware Campaign Targeting Redis
Cado Security will publish a new blog revealing that Cado Security Labs has discovered a novel malware campaign.
Cado Security Labs researchers recently encountered a novel malware campaign targeting publicly-accessible deployments of the Redis data store. The malware, named “P2Pinfect” by the developer, is written in Rust and acts as a botnet agent. The sample analyzed by Cado researchers includes an embedded Portable Executable and an additional ELF executable, suggesting cross-platform compatibility between Windows and Linux.
In the time between encountering P2Pinfect and publishing this blog, Unit42 researchers also published an in-depth analysis of the Windows variant of the malware. According to their findings, the variant they encountered was delivered via exploitation of CVE-2022-0543, an LUA sandbox escape vulnerability present in specific versions of Redis. Cado researchers witnessed a different initial access vector, which will be detailed further in this blog. Which you can read here.
Share this:
Like this:
Related
This entry was posted on July 31, 2023 at 9:00 am and is filed under Commentary with tags Cado Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.