Rust-Based Botnet P2Pinfect Targets MIPS Architecture

The cross-platform botnet known as P2Pinfect has been observed taking a significant leap in sophistication.
Since its emergence in July 2023, this Rust-based malware has been on the radar for its rapid expansion, according to a new advisory published today by Cado Security.
Initially exploiting Redis for entry into systems, P2Pinfect has now unveiled a new variant specifically crafted for Microprocessor without Interlocked Pipelined Stages architecture, indicating a strategic shift in its targets.
This latest move signifies an alarming escalation in the botnet's tactics, showcasing a deliberate focus on routers, Internet of Things devices and various embedded systems.
The utilization of MIPS processors in these devices makes them particularly vulnerable to the P2Pinfect threat.
Researchers at Cado Security Labs stumbled upon this MIPS variant while investigating files uploaded via SFTP and SCP to an SSH honeypot.
Unlike earlier iterations that primarily leveraged SSH servers for propagation, this variant stands out for attempting brute-force SSH access to embedded devices.
It was discovered that the malware could exploit Redis on MIPS devices using the OpenWRT package named redis-server.
Static analysis of the MIPS variant uncovered a 32-bit ELF binary with stripped debug information, as well as an embedded 64-bit Windows DLL. This DLL functions as a malicious loadable module for Redis, introducing a Virtual Machine evasion function to complicate analysis efforts further.
What also sets this variant apart is its adoption of a new evasion technique called TracerPid, which spawns a child process to detect dynamic analysis tools.
P2Pinfect seeks to disable Linux core dumps, presumably as an anti-forensic measure to safeguard crucial information from exposure.
According to Cado Security researchers, the evolution in tactics used by P2Pinfect, combined with its expanded target range and advanced evasion techniques, strongly indicates the involvement of a determined and sophisticated threat actor.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Mon, 04 Dec 2023 16:30:25 +0000


Cyber News related to Rust-Based Botnet P2Pinfect Targets MIPS Architecture

P2PInfect Botnet Is Now Targeting MIPS-Based IoT Devices - The operator behind the growing P2PInfect botnet is turning their focus to Internet of Things and routers running the MIPS chip architecture, expanding their list of targets and offering more evidence that the malware is an experienced threat actor. ...
1 year ago Securityboulevard.com
Stealthier version of P2Pinfect malware targets MIPS devices - The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS processors, such as routers and IoT devices. Due to their efficiency and compact design, MIPS chips are prevalent in embedded systems like routers, ...
1 year ago Bleepingcomputer.com CVE-2022-0543
MIPS chips targeted by new P2Pinfect malware in Redis server and IoT-based attacks - A new variant of P2Pinfect has been observed targeting embedded IoT devices based on 32-bit MIPS processors, malware that aims to bruteforce Secure Shell access to these devices. Written in Rust, the P2Pinfect malware acts as a botnet agent, ...
1 year ago Packetstormsecurity.com
Rust-Based Botnet P2Pinfect Targets MIPS Architecture - The cross-platform botnet known as P2Pinfect has been observed taking a significant leap in sophistication. Since its emergence in July 2023, this Rust-based malware has been on the radar for its rapid expansion, according to a new advisory published ...
1 year ago Infosecurity-magazine.com
FLOSS for Gophers and Crabs: Extracting Strings from Go and Rust Executables - To support the static analysis of Go and Rust executables, FLOSS now extracts program strings using enhanced algorithms. Where traditional extraction algorithms provide compound and confusing string output FLOSS recovers the individual Go and Rust ...
1 year ago Mandiant.com
Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
1 year ago Bleepingcomputer.com Volt Typhoon
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
1 year ago Securityboulevard.com Fancy Bear APT28 Volt Typhoon
Critical Rust Flaw Poses Exploit Threat in Specific Windows Use Cases - The Rust Project has issued an update for its standard library, after a vulnerability researcher discovered a specific function used to execute batch files on Windows systems could be exploited using an injection flaw. The set of common functions ...
10 months ago Darkreading.com CVE-2024-24576
Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested - The US Justice Department announced on Wednesday that the massive 911 S5 proxy botnet has been dismantled and its alleged administrator, a Chinese national, has been arrested. The Treasury Department earlier this week announced sanctions against ...
9 months ago Packetstormsecurity.com
"Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested - A vast network of millions of compromised computers, being used to facilitate a wide range of cybercrime, has been disrupted by a multinational law enforcement operation. 35-year-old YunHe Wang, a dual citizen of China and St. Kitts and Nevis, is ...
9 months ago Tripwire.com
New Vo1d botnet variant infects 1.6 million Android TVs worldwide - A new variant of the Vo1d malware botnet has infected 1,590,299 Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. The Vo1d botnet is a multi-purpose cybercrime tool that turns compromised devices ...
1 week ago Bleepingcomputer.com
Vo1d malware botnet grows to 1.6 million Android TVs worldwide - A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. The Vo1d botnet is a multi-purpose cybercrime tool that turns compromised ...
1 week ago Bleepingcomputer.com
Feds go Fancy Bear hunting, take down Russia's GRU botnet The Register - The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. Moobot ...
1 year ago Go.theregister.com Fancy Bear Volt Typhoon
New botnet malware exploits two zero-days to infect NVRs and routers - A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution vulnerabilities to infect routers and video recorder devices. The malware hijacks the devices to make them part of its DDoS swarm, ...
1 year ago Bleepingcomputer.com
Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities - Researchers have discovered an Internet of Things botnet linked with attacks against multiple US government and communications organizations. It comes built with a series of stealth mechanisms and the ability to spread further into local area ...
1 year ago Darkreading.com Volt Typhoon
FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials - CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads. First spotted by Lacework Labs in 2022, the ...
1 year ago Bleepingcomputer.com CVE-2017-9841 CVE-2021-41773 CVE-2018-15133
CVE-2019-16760 - Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and ...
5 years ago
Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities - Google today announced a grant of $1 million to the Rust Foundation, meant to help improve the interoperability between Rust and C++ code. The internet giant joined the Rust Foundation in 2021, for the same reason, and has adopted the memory-safe ...
1 year ago Securityweek.com
Google throws $1m at Rust Foundation to build C++ bridges The Register - Google on Monday donated $1 million to the Rust Foundation specifically to improve interoperability between the language and C++. C++, a popular general purpose programming language, has arguably fallen out of fashion due to concerns over safety. ...
1 year ago Go.theregister.com
MySQL servers targeted by 'Ddostf' DDoS-as-a-Service botnet - MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals. This campaign was discovered by researchers at the AhnLab Security Emergency Response ...
1 year ago Bleepingcomputer.com
Bigpanzi botnet infects 170,000 Android TV boxes with malware - A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. Beijing-based Qianxin Xlabs reports that the threat group controls a ...
1 year ago Bleepingcomputer.com
PurpleFox malware infected thousands of systems in Ukraine - The Computer Emergency Response Team in Ukraine is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. The exact impact of this widespread infection and whether it has affected state organizations or ...
1 year ago Bleepingcomputer.com
PurpleFox malware infects thousands of computers in Ukraine - The Computer Emergency Response Team in Ukraine is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. The exact impact of this widespread infection and whether it has affected state organizations or ...
1 year ago Bleepingcomputer.com
Russian admits building now-dismantled IPStorm proxy botnet The Register - The FBI says it has dismantled another botnet after collaring its operator, who admitted hijacking tens of thousands of machines around the world to create his network of obedient nodes. Sergei Makinin, a Russian and Moldovan national, was cuffed in ...
1 year ago Theregister.com
US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon - The US government on Wednesday announced a major takedown of a botnet full of end-of-life Cisco and Netgear routers after researchers warned it was being used by Chinese state-backed hackers as a covert communications channel. The disruption comes ...
1 year ago Securityweek.com Volt Typhoon

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)