Windows, Linux Redis servers subjected to novel P2PInfect malware attacks

BleepingComputer reports that internet-exposed Windows and Linux Redis servers that have not been patched against the critical Lua sandbox escape flaw, tracked as CVE-2022-0543, have been targeted by the new Rust-based P2PInfect worm malware, which features self-propagation capabilities. Only 934 of more than 307,000 Redis servers accessible through the internet were vulnerable to P2PInfect over the past two weeks but the risk of potential compromise remains amid the growing number of P2P nodes, a report from Palo Alto Networks' Unit 42 team revealed. P2PInfect leverages CVE-2022-0543 to facilitate remote code execution, which will be followed by the installation of a malicious payload and connection to a peer-to-peer communication network for further malicious binary downloads, which could enable the discovery of other vulnerable Redis servers. "Unit 42 believes this P2PInfect campaign is the first stage of a potentially more capable attack that leverages this robust P2P command and control (C2) network," researchers said.