Attacks with the P2Pinfect botnet malware have been targeted at Redis servers, with the payload not only leveraging various Redis exploits for initial access but also using Rust for further development, reports SiliconAngle.
Aside from utilizing numerous analysis bypass techniques, P2Pinfect also performs Redis and SSH server scans and self-replication, a report from Cado Security showed.
Internet-exposed Redis servers have been compromised through the exploitation of the replication feature, with the initial ELF payload found to facilitate host SSH configuration manipulation to enable server access. P2Pinfect also uses a peer-to-peer botnet to allow communication between infected servers without the need for a centralized command-and-control server.
"P2Pinfect is well-designed and utilizes sophisticated techniques for replication and C2. The choice of using Rust also allows for easier portability of code across platforms (with the Windows and Linux binaries sharing a lot of the same code) while also making static analysis of the code significantly harder," said researchers.
