P2Pinfect - New Variant Targets MIPS Devices
04-Dec-23
Cado Security Labs has been tracking and reporting on the explosive expansion of the cross-platform botnet known as “P2Pinfect” since July 2023. As implied by its name, the Rust-written virus connects infected systems in a peer-to-peer topology, functioning as a botnet agent. The virus initially gained access to early samples by taking advantage of Redis, a method that is often used in cloud environments.
It has been found that a new version of P2Pinfect has been built for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture.
This indicates that the people behind P2Pinfect are increasingly targeting routers, the Internet of Things (IoT), and other embedded devices.
These include debugger detection, anti-forensics on Linux hosts, and Virtual Machine (VM) identification techniques for embedded payloads.
