FritzFrog botnet infected at least 500 government and corporate servers

FritzFrog botnet infected at least 500 government and corporate servers

FritzFrog botnet infected at least 500 governments.

The main goal of FritzFrog is cryptocurrency mining.

FritzFrog is cryptocurrency mining

 

Guardicore Labs has published a report on the activity of the relatively new P2P botnet FritzFrog, which in 2020 managed to infect at least 500 government and corporate SSH servers.

The botnet was first spotted in January this year.

also Over the past eight months, FritzFrog has carried out multiple

brute force attacks on SSH servers belonging to government agencies, telecommunications, financial companies,

and healthcare and then education companies around the world. At least 500 attacks were successful.

FritzFrog is a decentralized botnet that uses P2P protocols to manage its nodes.

After the SSH server is hacked, fileless malware is loaded onto the system and executed only in memory, turning the

device into a bot capable of receiving and executing commands. The FritzFrog malware is unpacked on the

system under the names ifconfig and nginx and is launched as a command-pending startup process listening on port

1234. These commands are easy enough to detect, so the attackers connect to the victim via SSH and launch the Netcat client.

All commands are also transmitted in encrypted form. The first connect the device to an existing botnet, while the rest are used to install the backdoor, and monitor the network, PC, and CPU resources.

The main goal of FritzFrog is cryptocurrency mining. To do this, the botnet uses Monero mining software called XMRig. If the processes on the server are using too many CPU resources, FritzFrog will terminate them to provide power to the miner.

According to experts, FritzFrog uses a proprietary P2P protocol, which may indicate the high professionalism of its developers. Guardicore Labs was unable to find concrete evidence of any group’s involvement in the botnet, but they did find some similarities between FritzFrog and the Rakos botnet discovered in 2016.

You can also buy instant:

GET ANYTHING FROM G2A FOR FREE

Cashapp Money Transfer Click here

Paypal Money Transfer Click here

Western Union  Money Transfer Click here

Venmo Money Transfer Click here

Bank Money Transfer Click here to Contact Us

Leave a Reply