FritzFrog botnet has already breached over 500 government and enterprise SSH servers

FritzFrog is a peer-to-peer (P2P) botnet that has been actively targeting SSH servers worldwide since at least January 2020. It has been observed attempting to brute-force and spread to tens of millions of IP addresses, including those belonging to government offices, banks, telecom companies, medical centers, and educational institutions.

After brute-forcing an SSH server, the malware deployed on infected systems is fileless and both assembles and executes only in memory, likely in an effort to avoid detection and leave little trace of its presence.

Once executed, FritzFrog unpacks malware under the names ifconfig and nginx and sets up shop to listen for commands sent across port 1234. However, these commands are usually easy to spot, and so attackers connect to the victim over SSH and run a netcat client instead.

The first command joins the victim machine to the existing database of network peers and slave nodes. Other commands, all of which are AES encrypted, include adding a public SSH-RSA key to the authorized_keys file to establish a backdoor, running shell commands to monitor a victim PC's resources and CPU usage, and network monitoring.

FritzFrog's primary goal is to mine for cryptocurrency. If processes on the server are hogging CPU resources, the malware may kill them to give the miner as much power as possible. The malware portion of FritzFrog is also able to propagate over the SSH protocol.

The P2P protocol used by FritzFrog for communication is not based on any existing implementation such as μTP. This may suggest that the attackers are highly professional "software developers". For now, they are an unknown force, but some similarities have been found between FritzFrog and Rakos, a botnet discovered in 2016.

Bug in wireless devices impacting critical sectors

A vulnerability affecting components used in millions of critical connected devices in the automotive, energy, telecom, and medical sectors could let hackers hijack the device or access the internal network.
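A defender-side check for the host indicators the FritzFrog item describes (a listener on port 1234 owned by a process named ifconfig or nginx, and an unexpected key in authorized_keys), as an added example that is not from the original article or from the researchers. The `ss` output, key blobs and approved-key set are constructed placeholders, and the function names are hypothetical.

```python
import re

# Indicators named in the article: listener port and unpacked process names.
FRITZFROG_PORT = 1234
FRITZFROG_NAMES = {"ifconfig", "nginx"}

# Constructed `ss -tlnp` output (not from a real host).
SAMPLE_SS = """\
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("nginx",pid=1040,fd=6))
LISTEN 0      128    0.0.0.0:1234       0.0.0.0:*         users:(("nginx",pid=4471,fd=5))
LISTEN 0      128    [::]:1234          [::]:*            users:(("ifconfig",pid=4480,fd=4))
"""

# Constructed authorized_keys content; the key blobs are placeholders.
SAMPLE_KEYS = """\
# ops team
ssh-ed25519 AAAAC3PLACEHOLDERAPPROVED alice@ops
ssh-rsa AAAAB3PLACEHOLDERUNKNOWN
"""
APPROVED_BLOBS = {"AAAAC3PLACEHOLDERAPPROVED"}

LISTEN_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)",pid=(\d+)')

def suspicious_listeners(ss_output):
    """Return (name, pid, address) for ifconfig/nginx listening on TCP 1234."""
    hits = []
    for line in ss_output.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m.group(2)) == FRITZFROG_PORT and m.group(3) in FRITZFROG_NAMES:
            hits.append((m.group(3), int(m.group(4)), m.group(1)))
    return hits

def unapproved_keys(text, approved):
    """Return (type, blob) for keys whose blob is not in the approved set."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type, so locate the type field first.
        for i, field in enumerate(fields[:-1]):
            if field.startswith(("ssh-", "ecdsa-", "sk-")):
                if fields[i + 1] not in approved:
                    found.append((field, fields[i + 1]))
                break
    return found

if __name__ == "__main__":
    print(suspicious_listeners(SAMPLE_SS), unapproved_keys(SAMPLE_KEYS, APPROVED_BLOBS))
```

On a live host, feed the first function the output of `ss -tlnp` run as root and the second each account's authorized_keys file; an nginx listening on its usual ports is not flagged.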