P2Pinfect malware, wave of attacks: IoT devices in the crosshairs

Researchers at Cado Security Labs have identified a new and fearsome variant of the P2Pinfect malware.

This variant appears to focus on Internet of Things (IoT) devices and routers and, more specifically, targets 32-bit MIPS chips. The attack occurs through forced access to the Secure Shell (SSH) service of the products in question.

P2Pinfect is written in Rust and acts as a botnet agent, serving as an intermediary between infected hosts over a peer-to-peer network. According to experts, MIPS processors are very widespread in the IoT context and have already been targeted in the past by botnets such as Mirai.

According to Anurag Gurtu, CPO at StrikeReady, the discovery of a new variant indicates a clear change in the cybercriminals' strategy, given that P2Pinfect acted very differently in its previous versions. In the expert's words: "This move demonstrates the developers' intention to expand their botnet by infecting a wider range of devices".

P2Pinfect, cybercriminals hunting for routers and IoT devices

He then explained that the sophistication of the malware and its advanced evasion tactics suggest that the cybercriminals are very skilled and capable of building, with ease, a botnet with a robust structure that is difficult to detect.

With this new propagation method, P2Pinfect could create a very large network of devices that is difficult for users and cybersecurity experts to counter. This leaves the cybercriminals ample room for maneuver, with easy persistence and a wide range of commands at their disposal.

As in other similar situations, the main defense for owners of routers or other network-connected products is the timely adoption of security patches. Thanks to the work of the developers, it is possible to obtain updates capable of effectively countering threats of this type.
