Researchers Discover Novel P2Pinfect Malware Campaign Targeting Redis

Cado Security has published a new blog post in which Cado Security Labs describes a novel malware campaign it discovered.

Cado Security Labs researchers recently encountered a novel malware campaign targeting publicly accessible deployments of the Redis data store. The malware, named "P2Pinfect" by its developer, is written in Rust and acts as a botnet agent. The sample analyzed by Cado researchers includes an embedded Portable Executable and an additional ELF executable, suggesting the malware is built to run on both Windows and Linux.
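The common thread in this campaign is a Redis instance reachable from the internet, so the first thing a defender wants is a quick way to tell whether a given redis.conf exposes the service. The following audit script is an added example and is not code from Cado's or Unit 42's analysis; the three configuration fragments it checks are constructed for illustration, and the directive semantics (last `bind` wins, `protected-mode` defaults to yes but only guards an instance with no `bind` and no password) are Redis's documented behaviour rather than anything the campaign write-up states.

```python
import shlex

# Addresses that make Redis listen on every interface.
ALL_INTERFACES = {"0.0.0.0", "::", "*"}

# Constructed sample configs (assumption: not taken from any real deployment).
WEAK_CONF = """
bind 0.0.0.0
protected-mode no
port 6379
# requirepass is commented out, so anyone who can reach the port can issue commands
# requirepass foobared
"""

DEFAULT_CONF = """
port 6379
"""

HARDENED_CONF = """
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass use-a-long-random-secret
rename-command CONFIG ""
rename-command DEBUG ""
"""


def parse_redis_conf(text):
    """Parse redis.conf text into {directive: [args_of_each_occurrence, ...]}.

    Only lines starting with '#' are comments (Redis does not strip inline
    comments). shlex quoting is close enough for directives such as
    'rename-command CONFIG ""'.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf


def bind_addresses(conf):
    """Return the addresses of the last 'bind' directive, or None if absent.

    Redis 7 accepts an optional '-' prefix ("don't fail if unavailable");
    strip it before comparing against ALL_INTERFACES.
    """
    if "bind" not in conf:
        return None
    return [addr.lstrip("-") for addr in conf["bind"][-1]]


def audit_redis_conf(text):
    """Return (findings, reachable_unauthenticated) for a redis.conf text.

    reachable_unauthenticated is True when the config, on its own, lets any
    host that can route to the port run commands without a password. Network
    controls (firewalls, cloud security groups) are out of scope here.
    """
    conf = parse_redis_conf(text)
    findings = []

    binds = bind_addresses(conf)
    bind_all = binds is None or any(a in ALL_INTERFACES for a in binds)
    if bind_all:
        findings.append("bind: listens on all interfaces")

    # protected-mode defaults to yes when the directive is absent.
    protected = conf.get("protected-mode", [["yes"]])[-1][0].lower() != "no"
    if not protected:
        findings.append("protected-mode: disabled")

    # 'requirepass ""' disables auth, so an empty value does not count.
    has_password = any(args and args[0] for args in conf.get("requirepass", []))
    has_acl_users = "user" in conf
    has_auth = has_password or has_acl_users
    if not has_auth:
        findings.append("auth: no requirepass or ACL users configured")

    # Protected mode only refuses external clients when there is no explicit
    # bind and no password; an explicit 'bind 0.0.0.0' bypasses it entirely.
    reachable_unauthenticated = bind_all and not has_auth and not (binds is None and protected)
    return findings, reachable_unauthenticated


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("default", DEFAULT_CONF), ("hardened", HARDENED_CONF)):
        findings, exposed = audit_redis_conf(text)
        print(f"{name}: exposed_unauthenticated={exposed} findings={findings}")
```

The default-config case is the one worth noticing: it still listens on every interface and has no password, so it produces two findings, yet protected mode would turn away remote clients. An explicit `bind 0.0.0.0` with no password, as in the weak fragment, is the configuration that is actually reachable by an internet-wide scanner.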

In the time between encountering P2Pinfect and publishing this blog, Unit 42 researchers also published an in-depth analysis of the Windows variant of the malware. According to their findings, the variant they encountered was delivered via exploitation of CVE-2022-0543, a Lua sandbox escape vulnerability present in specific Redis builds (a packaging issue in Debian-derived distributions rather than a flaw in upstream Redis itself). Cado researchers witnessed a different initial access vector, which is detailed in the full blog post. You can read it here.

