26 February 2024

New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems

According to a report from July 19th, 2023, researchers from Palo Alto Networks Unit 42 recently discovered a new worm named P2PInfect. This worm specifically targets Redis servers running on both Linux and Windows operating systems. P2PInfect appears to be designed with cloud environments in mind, as it utilizes a dropper payload to establish peer-to-peer (P2P) communications, connecting to a larger P2P network and subsequently spreading itself.

The malware demonstrates a high level of sophistication, allowing it to self-update and launch new versions of itself once it infects a victim's system. The potential impact of P2PInfect is considerable, as the researchers have identified at least 900 vulnerable Redis systems that may be at risk of this threat.

P2PInfect's ability to drop a payload that facilitates P2P communication with a larger network, propagate autonomously, and maintain persistence through a PowerShell script and self-updates make it especially effective in targeting cloud environments and stealing sensitive data. Despite the extensive investigation, the motivations behind this campaign have not been fully identified by cybersecurity researchers, as no evidence of cryptojacking has been found yet. However, the possibility of cryptojacking being involved remains a concern.