A new variant of the P2Pinfect malware has been observed targeting embedded IoT devices built on 32-bit MIPS processors; the variant attempts to brute-force Secure Shell (SSH) access to these devices.
Written in Rust, the P2Pinfect malware acts as a botnet agent, connecting infected hosts in a peer-to-peer topology.
In early samples reported on by SC Media on September 20, the malware exploited Redis servers for initial access - a relatively common technique in cloud environments.
In explaining the attack, Cado Security Labs said in a Monday blog post it's highly likely that by targeting MIPS, the P2Pinfect developers intend to infect routers and IoT devices with the malware.
The researchers explained that MIPS processors are commonly used for embedded IoT devices and the architecture has been previously targeted by botnet malware, including high-profile families such as Mirai and its variants.
Matt Muir, threat intelligence lead at Cado Security, said his team believes the targeting of MIPS suggests that the threat actors behind P2Pinfect have begun to move beyond just attacking generic servers.
Muir pointed out that the team found that it's possible to run the Redis server on MIPS devices via a project provided by OpenWrt, an open source router firmware project.
Anurag Gurtu, CPO at StrikeReady, added that the recent discovery of a new P2Pinfect variant targeting MIPS devices - especially IoT devices - indicates a strategic shift by the malware developers.
Gurtu agreed with Muir that they are now exploiting vulnerabilities in IoT devices likely because of the widespread use of MIPS processors in these devices.
Emily Phelps, Director at Cyware, said the shift in focus from Redis servers to embedded IoT devices suggests a strategic evolution.
Phelps said many attackers are increasingly exploiting the vast, often under-secured network of IoT devices, partly because of the widespread use of IoT devices in critical infrastructure and everyday applications, which presents a lucrative target for malicious activities.
Rew Barratt, vice president at Coalfire, said if the P2Pinfect malware can land in a number of common IoT devices, it's very possible that it can create its own mesh among the devices, making it incredibly hard to completely remove them, also giving multiple options for persistence, and command and control with devices typically not routinely accessible by XDR technology.
This Cyber News was published on packetstormsecurity.com. Publication date: Tue, 05 Dec 2023 14:43:06 +0000