p2pinfect (2)

FortiGuard Labs recently identified persistent P2Pinfect presences within Google Kubernetes Engine (GKE) clusters at several client companies, with one compromise spanning six months. The compromises originated from exposed Redis instances, which gave the botnet its initial foothold. The botnet's beaconing was repeatedly flagged in FortiCNAPP's Composite Alerts, underscoring how a single misconfiguration can enable long-term compromise in cloud environments. The IOCs observed across
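The misconfiguration described above is a Redis service reachable without authentication, which is exactly the precondition P2Pinfect's Redis spreader needs. The following Python script is an added example (not code from FortiGuard Labs, Cado Security or the malware) that a defender can run against their own address space to find that condition: it speaks the raw RESP wire protocol, sends PING, and classifies the reply as open (no auth), auth-required, protected-mode, or unreachable. Host names, ports and the sample replies used in the comments are assumptions for illustration.

```python
import socket
from typing import List, Tuple


def resp_command(*args: str) -> bytes:
    """Encode a Redis command as a RESP array of bulk strings.

    Example: resp_command("PING") -> b"*1\r\n$4\r\nPING\r\n"
    """
    parts = [f"*{len(args)}\r\n".encode()]
    for arg in args:
        raw = arg.encode()
        parts.append(f"${len(raw)}\r\n".encode() + raw + b"\r\n")
    return b"".join(parts)


def classify_reply(reply: bytes) -> str:
    """Classify a Redis server's reply to an unauthenticated PING.

    +PONG      -> "open": no password set and protected mode off; this is the
                  state an internet-facing P2Pinfect spreader can abuse.
    -NOAUTH    -> "auth-required": requirepass/ACL is in place.
    -DENIED    -> "protected-mode": Redis refuses non-loopback clients because
                  no password is configured (default protected mode reply).
    anything else -> "unknown".
    """
    if reply.startswith(b"+PONG"):
        return "open"
    if reply.startswith(b"-NOAUTH"):
        return "auth-required"
    if reply.startswith(b"-DENIED"):
        return "protected-mode"
    return "unknown"


def probe_redis(host: str, port: int = 6379, timeout: float = 3.0) -> str:
    """Connect to host:port, send PING, and return the classification.

    Network errors (refused, timed out, unresolvable) are reported as
    "unreachable" rather than raised, so a sweep over many hosts continues.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(resp_command("PING"))
            return classify_reply(sock.recv(1024))
    except OSError:
        return "unreachable"


def sweep(targets: List[Tuple[str, int]]) -> List[Tuple[str, int, str]]:
    """Probe every (host, port) pair and return (host, port, state) triples."""
    return [(host, port, probe_redis(host, port)) for host, port in targets]


if __name__ == "__main__":
    # Assumed target list for illustration; replace with your own inventory
    # (e.g. the node/pod IPs of a GKE cluster or the Redis Service endpoints).
    TARGETS = [("127.0.0.1", 6379), ("10.0.0.5", 6379)]
    for host, port, state in sweep(TARGETS):
        flag = "  <-- FIX: reachable without authentication" if state == "open" else ""
        print(f"{host}:{port} {state}{flag}")
```

Any host reported as "open" should get `requirepass` (or ACL users) set, `protected-mode yes`, and a `bind` restricted to the interfaces that actually need it; in GKE that also means making sure the Redis Service is not exposed as a LoadBalancer or NodePort unless it has to be.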

P2Pinfect is a Rust-based malware family that Cado Security has analyzed extensively in the past. It is a reasonably sophisticated sample that uses a peer-to-peer (P2P) botnet as its command-and-control mechanism. Upon initial discovery, the malware appeared largely dormant: it spread primarily via Redis and a limited SSH spreader, but ultimately it did not seem to have an objective other than to spread. Recently, we observed a new update to P2Pinfect that introduced ransomware and crypto