MIPS Botnet Threat: New Variant Targeting Routers and IoT Devices

Cybersecurity researchers have unearthed a new variant of the emerging P2PInfect botnet, a MIPS-targeting threat aimed at routers and IoT devices.

The latest version, as reported by Cado Security Labs, is designed for Microprocessor without Interlocked Pipelined Stages (MIPS) architecture, expanding its reach significantly. “By targeting MIPS, P2PInfect developers aim to compromise routers and IoT devices with this malware,” noted security researcher Matt Muir.

First disclosed in July 2023, P2PInfect, a Rust-based malware, targeted unpatched Redis instances by exploiting a critical Lua sandbox escape vulnerability (CVE-2022-0543, CVSS score: 10.0) for initial access. A subsequent analysis by the cloud security firm in September showed a surge in P2PInfect activity, with new variants of the malware emerging.

These new artifacts not only attempt SSH brute-force attacks on devices with 32-bit MIPS processors but also incorporate advanced evasion and anti-analysis techniques to avoid detection. The SSH server attacks during the scanning phase use common username and password combinations embedded within the ELF binary.

It’s suspected that both SSH and Redis servers are key propagation vectors for the MIPS variant, considering that running a Redis server on MIPS is possible via an OpenWrt package known as redis-server. Notable evasion techniques include self-termination when the malware detects that it is being analyzed, and efforts to disable Linux core dumps, which the kernel generates after an unexpected process crash.

The MIPS variant also harbors an embedded 64-bit Windows DLL module for Redis, enabling the execution of shell commands on compromised systems. “This development not only shows a widening scope from P2PInfect developers but also highlights the variant’s advanced defense evasion techniques,” commented Cado Security.

“The malware’s use of Rust for cross-platform development, coupled with the rapid growth of the botnet, points to a sophisticated threat actor behind this campaign,” they added.

Cogeanu Marius