A campaign is targeting misconfigured Redis servers with P2Pinfect, a peer-to-peer, self-replicating worm. The campaign exploits a critical vulnerability and abuses the SLAVEOF feature to install malware that acts as a botnet agent.
P2Pinfect is written in Rust and employs two methods to gain control of a target machine: exploiting a critical vulnerability (CVE-2022-0543) and abusing the SLAVEOF feature in Redis.
CVE-2022-0543 is a Debian-specific Lua sandbox escape in Redis that allows remote code execution and carries a CVSS score of 10.0. Once the worm compromises a vulnerable Redis instance, it downloads OS-specific scripts and binaries and adds the server to its list of infected systems.
The SLAVEOF feature is commonly abused in attacks on Redis servers: the attacker makes the exposed instance a replica of a master they control, then uses replication to deliver and load a malicious module (a Linux shared object file, or a process called Monitor on Windows) for persistent access.
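The SLAVEOF abuse described above leaves a recognisable sequence in a Redis command stream (SLAVEOF/REPLICAOF to a foreign master, followed shortly by MODULE LOAD), and it only works when the instance is reachable, unauthenticated and still has those commands enabled. The following is an added example, not code from the P2Pinfect report or from the Redis project: it parses MONITOR-style command lines, flags that sequence per client, and audits a redis.conf for the settings that make the chain possible. The MONITOR sample lines and both config fragments are constructed for the example; the `enable-module-command` directive exists only in Redis 7 and later, so the audit treats MODULE as loadable unless it is renamed away or that directive is explicitly set to `no`.

```python
import re

# One MONITOR line looks like:  <unix ts> [<db> <ip:port>] "CMD" "arg1" "arg2" ...
MONITOR_RE = re.compile(r'^(?P<ts>\d+\.\d+)\s+\[(?P<db>\d+)\s+(?P<client>\S+)\]\s+(?P<args>.+)$')
QUOTED_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')


def parse_monitor_line(line):
    """Return {"ts", "client", "cmd", "args"} for one MONITOR line, or None if it does not parse."""
    m = MONITOR_RE.match(line.strip())
    if not m:
        return None
    fields = QUOTED_RE.findall(m["args"])
    if not fields:
        return None
    return {"ts": float(m["ts"]), "client": m["client"], "cmd": fields[0].upper(), "args": fields[1:]}


def find_replication_abuse(lines, window=600.0):
    """Flag clients that point the server at a foreign master and then load a module.

    Per client IP, the sequence looked for is:
      1. SLAVEOF/REPLICAOF <host> <port>   (anything other than "NO ONE")
      2. MODULE LOAD <path>                 within `window` seconds of step 1
    """
    pending = {}  # client ip -> (ts of SLAVEOF, "host:port" of the master it pointed at)
    alerts = []
    for line in lines:
        ev = parse_monitor_line(line)
        if ev is None:
            continue
        ip = ev["client"].rsplit(":", 1)[0]
        if ev["cmd"] in ("SLAVEOF", "REPLICAOF"):
            if [a.upper() for a in ev["args"][:2]] == ["NO", "ONE"]:
                pending.pop(ip, None)  # detaching from a master: clear the pending state
            elif len(ev["args"]) >= 2:
                pending[ip] = (ev["ts"], f'{ev["args"][0]}:{ev["args"][1]}')
        elif ev["cmd"] == "MODULE" and ev["args"] and ev["args"][0].upper() == "LOAD":
            if ip in pending and ev["ts"] - pending[ip][0] <= window:
                module = ev["args"][1] if len(ev["args"]) > 1 else "?"
                alerts.append({"client": ip, "master": pending[ip][1], "module": module, "ts": ev["ts"]})
    return alerts


def audit_redis_conf(text):
    """Return findings for settings that leave the SLAVEOF -> MODULE LOAD chain open."""
    conf, renamed_away = {}, set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        if key == "rename-command":
            parts = value.split()
            if len(parts) == 2 and parts[1] in ('""', "''"):
                renamed_away.add(parts[0].upper())  # renaming to "" disables the command
        else:
            conf[key] = value
    findings = []
    bind = conf.get("bind", "").split()
    if not bind or "0.0.0.0" in bind or "*" in bind:  # no bind line means all interfaces
        findings.append("bind: listening on all interfaces")
    if conf.get("protected-mode", "yes").lower() != "yes":
        findings.append("protected-mode: disabled")
    if "requirepass" not in conf and "user" not in conf:
        findings.append("requirepass: no authentication configured")
    for cmd in ("SLAVEOF", "REPLICAOF"):
        if cmd not in renamed_away:
            findings.append(f"{cmd}: not disabled via rename-command")
    # Pre-7 Redis has no enable-module-command, so MODULE counts as loadable unless renamed or set to "no".
    if "MODULE" not in renamed_away and conf.get("enable-module-command", "yes").lower() != "no":
        findings.append("MODULE: loadable (rename it away or set enable-module-command no)")
    return findings


# Constructed sample MONITOR output: one worm-style chain, one benign replica setup, one normal write.
SAMPLE_MONITOR = [
    '1690000000.000100 [0 203.0.113.5:51234] "INFO" "server"',
    '1690000001.250000 [0 203.0.113.5:51234] "SLAVEOF" "198.51.100.7" "6379"',
    '1690000004.900000 [0 203.0.113.5:51234] "MODULE" "LOAD" "/tmp/module.so"',
    '1690000005.000000 [0 203.0.113.5:51234] "SLAVEOF" "NO" "ONE"',
    '1690000100.000000 [0 10.0.0.8:40000] "REPLICAOF" "10.0.0.2" "6379"',
    '1690000200.000000 [0 10.0.0.9:40001] "SET" "k" "v"',
]

# Constructed config fragments: the exposed shape beside a hardened one.
WEAK_CONF = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED_CONF = (
    "bind 127.0.0.1 -::1\nprotected-mode yes\nrequirepass <long random secret>\n"
    'rename-command SLAVEOF ""\nrename-command REPLICAOF ""\nrename-command MODULE ""\n'
    "enable-module-command no\n"
)

if __name__ == "__main__":
    for a in find_replication_abuse(SAMPLE_MONITOR):
        print("ALERT", a)
    print("weak conf:", audit_redis_conf(WEAK_CONF))
    print("hardened conf:", audit_redis_conf(HARDENED_CONF))
```

Feed `find_replication_abuse` the output of `redis-cli MONITOR` (or any log that preserves the command and client address) and run `audit_redis_conf` over the live config before exposing an instance; an empty findings list and no alerts is the baseline to aim for.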