"Experts Discovered a Previously Undocumented Initial Access Vector Used by P2PInfect Worm"
Cado Security has discovered a new variant of the peer-to-peer (P2P) worm known as P2PInfect, which targets Redis servers with a previously undocumented initial access vector. In July, researchers at Palo Alto Networks Unit 42 found the new P2P worm targeting Redis servers running on both Linux and Windows. Its ability to target Redis servers on both Linux and Windows operating systems makes P2PInfect more scalable and potent than other worms. The worm is written in the Rust programming language and exploits the Lua sandbox escape vulnerability tracked as CVE-2022-0543 (CVSS score of 10.0) to target Redis instances. The Muhstik and Redigo botnets have previously exploited this vulnerability in attacks against Redis servers. The malware exploits CVE-2022-0543 to gain initial access and then drops an initial payload that establishes communication with the P2P network. Over the past two weeks, researchers have identified over 307,000 unique public Redis systems, 934 of which may be vulnerable to infection. This article continues to discuss the new variant of the P2PInfect worm.