The FritzFrog botnet has infected at least 500 government and corporate servers.


FritzFrog is a decentralized botnet that uses P2P protocols to manage its nodes.

After an SSH server is compromised, fileless malware is loaded onto the system and executed only in memory, turning the device into a bot capable of receiving and executing commands. The FritzFrog malware is unpacked on the system under the names ifconfig and nginx and is started as a process that waits for commands, listening on port 1234. Because these commands are easy enough to detect, the attackers connect to the victim via SSH and launch a Netcat client.
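
A host check built from the indicators named above (processes called ifconfig or nginx listening on port 1234), as an added example that is not from the article or from Guardicore Labs. The `ss -ltnp` sample and the executable paths are constructed, and treating a "(deleted)" executable link as the sign of a memory-only payload is an assumption.

```python
import os
import re

# Indicators stated in the article: process names and the listening port.
SUSPECT_NAMES = {"ifconfig", "nginx"}
SUSPECT_PORT = "1234"
USER_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')

# Constructed sample of `ss -ltnp` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("nginx",pid=900,fd=6))
LISTEN 0      4096   *:1234             *:*               users:(("nginx",pid=4242,fd=5))
LISTEN 0      4096   [::]:1234          [::]:*            users:(("python3",pid=5001,fd=4))
"""
# Constructed /proc/<pid>/exe link targets for the sample PIDs.
SAMPLE_EXE = {900: "/usr/sbin/nginx", 4242: "/tmp/nginx (deleted)"}


def read_exe(pid):
    """Resolve /proc/<pid>/exe on a live Linux host; None if unreadable."""
    try:
        return os.readlink(f"/proc/{pid}/exe")
    except OSError:
        return None

def find_suspects(ss_output, exe_lookup=read_exe):
    """Return ifconfig/nginx processes that listen on TCP port 1234."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        if fields[3].rsplit(":", 1)[-1] != SUSPECT_PORT:
            continue
        for name, pid in USER_RE.findall(line):
            if name in SUSPECT_NAMES:
                exe = exe_lookup(int(pid))
                # Assumption: a memory-only payload shows a "(deleted)" exe link.
                deleted = bool(exe) and exe.endswith(" (deleted)")
                findings.append({"pid": int(pid), "name": name,
                                 "exe": exe, "exe_deleted": deleted})
    return findings

if __name__ == "__main__":
    for finding in find_suspects(SAMPLE_SS, SAMPLE_EXE.get):
        print(finding)
```

On a live Linux host, pass the output of `ss -ltnp` (run as root so process names are shown) and leave `exe_lookup` at its default.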



All commands are transmitted in encrypted form. The first connects the device to the existing botnet, while the rest are used to install the backdoor and to monitor the network, PC and CPU resources.

According to experts, FritzFrog uses a proprietary P2P protocol, which may indicate the high professionalism of its developers. Guardicore Labs was unable to find concrete evidence of any group's involvement in the botnet, but did find some similarities between FritzFrog and the Rakos botnet, discovered in 2016.

Taken from https://www.securitylab.ru/news/511318.php


