P2Pinfect, a novel peer-to-peer botnet that targets the Redis and SSH open-source services, has experienced a 600-time increase in activity since August 28, including a 12.3 percent increase in traffic over the past week. According to Cado Security Labs, P2Pinfect compromises have been seen in China, the US, Germany, the UK, Singapore, Hong Kong, and Japan. P2Pinfect was discovered in July, targeting servers hosting publicly accessible instances of the Redis open-source database. In a new blog post, the researchers noted that targeting Redis is only half of P2Pinfect's functionality, as the malware can also propagate via SSH and includes a list of username/password combinations to facilitate brute-force attacks. Matt Muir, the threat research lead at Cado Security Labs, explained that attackers could use a botnet of this size to conduct disruptive Distributed Denial-of-Service (DDoS) attacks, similar to those launched by hacktivists during the Russia-Ukraine war. Muir added that attackers could use it to mine cryptocurrency on a large scale, or to support additional malware campaigns or social engineering operations such as phishing. This article continues to discuss new findings regarding the P2Pinfect botnet.
SC Media reports "P2Pinfect Botnet Targets Redis and SSH Services"