MIPS chips targeted by new P2Pinfect malware in Redis server and IoT-based attacks

A new variant of the P2Pinfect malware has been observed targeting embedded IoT devices based on 32-bit MIPS processors; it aims to brute-force Secure Shell (SSH) access to these devices.
Written in Rust, the P2Pinfect malware acts as a botnet agent, connecting infected hosts in a peer-to-peer topology.
In early samples reported on by SC Media on September 20, the malware exploited Redis servers for initial access - a relatively common technique in cloud environments.
In explaining the attack, Cado Security Labs said in a Monday blog post that it's highly likely that by targeting MIPS, the P2Pinfect developers intend to infect routers and IoT devices with the malware.
The researchers explained that MIPS processors are commonly used for embedded IoT devices and the architecture has been previously targeted by botnet malware, including high-profile families such as Mirai and its variants.
Matt Muir, threat intelligence lead at Cado Security, said his team believes the targeting of MIPS suggests that the threat actors behind P2Pinfect have begun to move beyond just attacking generic servers.
Muir pointed out that the team found that it's possible to run the Redis server on MIPS devices via a project provided by OpenWrt, an open source router firmware project.
Anurag Gurtu, CPO at StrikeReady, added that the recent discovery of a new P2Pinfect variant targeting MIPS devices - especially IoT devices - indicates a strategic shift by the malware developers.
Gurtu agreed with Muir that they are now exploiting vulnerabilities in IoT devices likely because of the widespread use of MIPS processors in these devices.
Emily Phelps, Director at Cyware, said the shift in focus from Redis servers to embedded IoT devices suggests a strategic evolution.
Phelps said many attackers are increasingly exploiting the vast, often under-secured network of IoT devices, partly attributed to the widespread use of IoT devices in critical infrastructure and everyday applications, which presents a lucrative target for malicious activities.
Rew Barratt, vice president at Coalfire, said if the P2Pinfect malware can land in a number of common IoT devices, it's very possible that it can create its own mesh among the devices, making it incredibly hard to completely remove them, also giving multiple options for persistence, and command and control with devices typically not routinely accessible by XDR technology.


This Cyber News was published on packetstormsecurity.com. Publication date: Tue, 05 Dec 2023 14:43:06 +0000

