Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge
Sep 21, 2023
Botnet / Cyber Threat
The peer-to-peer (P2) worm known as P2PInfect has witnessed a surge in activity since late August 2023, witnessing a 600x jump between September 12 and 19, 2023. "This increase in P2PInfect traffic has coincided with a growing number of variants seen in the wild, suggesting that the malware's developers are operating at an extremely high development cadence," Cado Security researcher Matt Muir said in a report published Wednesday. A majority of the compromises have been reported in China, the U.S., Germany, the U.K., Singapore, Hong Kong, and Japan. P2PInfect first came to light in July 2023 for its ability to breach poorly secured Redis instances. The threat actors behind the campaign have since resorted to different approaches for initial access, including the abuse of the database's replication feature to deliver the malware. Cado Security said it has observed an increase in initial access events attributable to P2PInfect in which the Redis SLAVEOF command