Cybersecurity researchers have uncovered a new cloud targeting, peer-to-peer (P2P) worm called P2PInfect that targets vulnerable Redis instances for follow-on exploitation.
“P2PInfect exploits Redis servers running on both Linux and Windows Operating Systems making it more scalable and potent than other worms,” Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said. “This worm is also written in Rust, a highly scalable and cloud-friendly programming language.”
It’s estimated that as many as 934 unique Redis systems may be vulnerable to the threat. The first known instance of P2PInfect was detected on July 11, 2023.