Network security company Palo Alto Networks recently released a blog post, found the use of Rust language written malware – P2PInfect worm.
Note: Rust is a general-purpose, compiled programming language developed under the auspices of Mozilla. It is designed to be “safe, concurrent, and practical” and supports functional, concurrent, procedural, and object-oriented programming styles.
The industry consensus on Rust is that it is “safe”, and Microsoft is currently recompiling the Win11 kernel based on the language to further improve the security of the Win11 system.
Palo Alto Networks researchers have discovered P2PInfect, a Rust-based peer-to-peer worm that exploits the Lua Sandbox Escape vulnerability to remotely execute arbitrary code by targeting Redis, an open source database application heavily used in cloud environments.
The Lua Sandbox Escape vulnerability is tracked as CVE-2022-0543 and has a Critical CVSS rating of 10.0 (out of a maximum score of 10) in the NIST National Vulnerability Database, which indicates its danger.