60K% P2Pinfect Malware Traffic Increase In The Last 3 Weeks, China Seeing Highest Number of Botnet Compromises: Cado Security

Cado Security discovered P2Pinfect, a novel peer-to-peer botnet targeting servers hosting publicly accessible instances of Redis. At the time of discovery, it was clear that the malware was under active development and that the botnet was in its infancy.

Since then, Cado has closely followed the proliferation of this malware, noting a sharp increase in initial access events attributable to P2Pinfect. The malware’s developers appear to be iterating on the capabilities of deployed payloads, releasing new variants with incremental updates at an extremely frequent rate. 

Cado Security has published a new blog analyzing the botnet itself, which has grown exponentially since the malware’s discovery, and covering the new capabilities of the P2Pinfect Linux variants. At this time, Cado researchers have analyzed four variants of P2Pinfect payloads.

Cado researchers have witnessed the following:

  • A 60,216.7% (roughly 600x) increase in P2Pinfect traffic since August 28, 2023.
  • A 12.3% increase in traffic occurred in just the week before this.
  • The highest concentration of compromises is seen in China.
  • East Asian and US Cloud Service Providers (CSPs) are leveraged as P2Pinfect peers.
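Because the report's key point is that the botnet spreads through publicly accessible Redis instances, the first check a defender wants is whether their own redis.conf leaves the service reachable and unauthenticated. The following script is an added example, not code from Cado Security or the Redis project; `bind`, `protected-mode`, `requirepass` and `port` are real Redis directives, while the helper names and the two sample configurations are constructed for illustration.

```python
# Added example (not Cado Security's code): flag redis.conf settings that leave an
# instance reachable from the public internet without authentication.
# Directive names are real Redis configuration keys; the sample configs are constructed.

# Bind addresses that expose the listener on every interface (IPv4 and IPv6 forms).
WILDCARD_BINDS = {"0.0.0.0", "::", "*", "-::*"}


def parse_redis_conf(text):
    """Map each directive (lower-cased) to its value. A later duplicate wins,
    mirroring how Redis applies the last occurrence of a directive in the file."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        settings[key] = value
    return settings


def audit_redis_conf(text):
    """Return a list of findings (strings); an empty list means no exposure issue found."""
    s = parse_redis_conf(text)
    findings = []

    if s.get("port", "6379") == "0":
        return findings  # TCP listener disabled (unix socket only); nothing to expose

    bind = s.get("bind")
    if bind is None:
        findings.append("bind: missing, Redis listens on every interface")
    elif WILDCARD_BINDS & set(bind.split()):
        findings.append(f"bind: wildcard address in '{bind}'")

    if s.get("protected-mode", "yes").lower() == "no":
        findings.append("protected-mode: disabled")

    if not s.get("requirepass"):
        # Redis 6+ ACL users can replace requirepass; treat absence as a finding to review.
        findings.append("requirepass: not set, unauthenticated access allowed")

    return findings


# Constructed sample configurations for demonstration.
EXPOSED_CONF = """
# constructed example of a risky configuration
bind 0.0.0.0
protected-mode no
port 6379
"""

HARDENED_CONF = """
# constructed example of a hardened configuration
bind 127.0.0.1 -::1
protected-mode yes
requirepass correct-horse-battery-staple
"""

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_redis_conf(conf) or ["OK"])
```

Run it against a real `/etc/redis/redis.conf` by reading the file and passing its contents to `audit_redis_conf`; an empty result means none of the four checks fired, not that the host is safe, since network ACLs, ACL users defined with `user` directives and `CONFIG SET` changes made at runtime are outside what a static config file shows.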

You can read the details here.
