
Misconfigured, Enrolled and Dormant: Anatomy of a P2Pinfect Kubernetes Compromise

ID: f1cef024-037f-5f98-b3a1-a302365ce50a

STIX ID: report--f1cef024-037f-5f98-b3a1-a302365ce50a

Feed Name: Fortinet Blog

Threat Score
75/100

Date Published: 2026-05-20

Date Updated: 2026-05-20

...
...

FortiGuard Labs observed persistent infections by the P2Pinfect peer-to-peer botnet in multiple Google Kubernetes Engine clusters and on exposed Redis hosts. The malware uses UPX-packed Rust binaries and a shell deployer that bootstraps new nodes from a payload served directly from an IP address; telemetry ties the peer nodes to Metro4Shell exploitation beginning in November 2025, and the report notes possible RediShell involvement. The botnet can stay dormant for long periods before delivering cryptominers or ransomware, and it uses non-standard ports and encoded node lists for resilience. The report includes detailed IOCs and Fortinet detection and remediation guidance.
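The report's own remediation guidance is not reproduced on this page, so the following is an added example, not Fortinet's tooling or anything from the report: a small probe for the exposed-Redis misconfiguration the summary names. It speaks raw RESP over a socket, sends PING without AUTH, and, if the server answers, reads the handful of CONFIG keys that matter most on an internet-facing instance (protected-mode, requirepass, and the dir/dbfilename pair that the long-standing "write an RDB dump into a cron or .ssh directory" abuse relies on). Host, port and the dangerous-path list are assumptions chosen for illustration; the logic that turns replies into findings is pure so it can be exercised offline on constructed replies.

```python
"""Added example (not from the report): probe a Redis host for the
misconfiguration that turns an exposed instance into a foothold."""
import socket
import sys
from dataclasses import dataclass


@dataclass
class RespError:
    """A RESP error reply, e.g. '-NOAUTH Authentication required.'"""
    text: str


# Persistence paths that should never be a Redis working directory; an
# attacker who can CONFIG SET dir/dbfilename and SAVE writes an RDB file
# there to plant a cron job or an SSH key (assumed list, extend as needed).
DANGEROUS_DIRS = ("/var/spool/cron", "/etc/cron", "/.ssh")


def encode_command(*parts: str) -> bytes:
    """Encode a command as a RESP array: PING -> b'*1\\r\\n$4\\r\\nPING\\r\\n'."""
    out = b"*%d\r\n" % len(parts)
    for p in parts:
        b = p.encode()
        out += b"$%d\r\n%s\r\n" % (len(b), b)
    return out


def parse_resp(data: bytes):
    """Parse one RESP2 reply and return (value, remaining_bytes).

    Handles simple strings, errors, integers, bulk strings and arrays."""
    kind, rest = data[:1], data[1:]
    line, _, rest = rest.partition(b"\r\n")
    if kind == b"+":
        return line.decode(), rest
    if kind == b"-":
        return RespError(line.decode()), rest
    if kind == b":":
        return int(line), rest
    if kind == b"$":
        n = int(line)
        if n < 0:                      # null bulk string
            return None, rest
        return rest[:n].decode(), rest[n + 2:]
    if kind == b"*":
        items = []
        for _ in range(int(line)):
            item, rest = parse_resp(rest)
            items.append(item)
        return items, rest
    raise ValueError(f"unknown RESP type {kind!r}")


def assess(ping_reply, config: dict) -> list:
    """Turn raw replies into findings; an empty list means nothing was flagged."""
    findings = []
    if isinstance(ping_reply, RespError):
        if ping_reply.text.startswith("NOAUTH"):
            return findings            # auth is enforced; nothing else to check
        findings.append(f"unexpected error reply to PING: {ping_reply.text}")
        return findings
    findings.append("PING accepted without AUTH: unauthenticated access")
    if config.get("protected-mode") == "no":
        findings.append("protected-mode is off")
    if config.get("requirepass", "") == "":
        findings.append("requirepass is empty")
    d = config.get("dir", "")
    if any(p in d for p in DANGEROUS_DIRS):
        findings.append(f"dir is {d}: an RDB dump would land in a cron/ssh path")
    fn = config.get("dbfilename", "")
    if fn and not fn.endswith(".rdb"):
        findings.append(f"dbfilename {fn!r} is not an .rdb file")
    return findings


def probe(host: str, port: int = 6379, timeout: float = 3.0) -> list:
    """Connect, PING without AUTH, then read the relevant CONFIG keys.

    Replies are small, so a single recv per command is assumed sufficient."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(encode_command("PING"))
        ping, _ = parse_resp(s.recv(4096))
        config = {}
        if not isinstance(ping, RespError):
            for key in ("protected-mode", "requirepass", "dir", "dbfilename"):
                s.sendall(encode_command("CONFIG", "GET", key))
                reply, _ = parse_resp(s.recv(4096))
                if isinstance(reply, list) and len(reply) == 2:  # CONFIG may be renamed/disabled
                    config[reply[0]] = reply[1]
    return assess(ping, config)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for line in probe(target) or ["no findings"]:
        print(line)
```

Run it only against hosts you are authorised to test. A NOAUTH reply to the bare PING is the outcome you want; a PONG followed by protected-mode off and an empty requirepass is exactly the "misconfigured and exposed" state the summary describes, and a dir or dbfilename that does not look like an ordinary RDB location is worth treating as a sign the instance has already been tampered with rather than merely misconfigured.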
