
FritzFrog

Posted: August 20, 2020

FritzFrog is a newly discovered botnet that also exhibits worm-like behavior. Cybersecurity experts believe that FritzFrog's activity started in January 2020, and the malware has quickly spread across a large number of networks in various sectors, including government, education, and finance. According to malware analysts, FritzFrog is a very advanced project that employs a myriad of techniques that allow it to operate in fileless mode and to distribute tasks equally between the enslaved computers. Another notable feature of the FritzFrog botnet is that it operates without a Command and Control server; instead, the enslaved systems communicate and exchange data among themselves over a peer-to-peer network. As we already mentioned, FritzFrog runs in the infected system's volatile memory, so it takes steps to ensure that it never writes a complete corrupted file to the newly infected system; instead, it delivers a collection of Binary Large Objects (BLOBs) that are loaded into the computer's memory one after another.

The FritzFrog Botnet Relies on Brute-force Attacks to Infect More Devices

The attacks are executed by brute-forcing SSH services exposed to the Internet. It is likely that the attackers are able to penetrate SSH services that use weak or default login credentials. Every infected system receives a list of IP addresses running SSH and then uses a separate cracking module to try to brute-force their passwords. Because each newly enslaved machine joins in the scanning and cracking, the botnet's attack capacity grows with its size, which lets FritzFrog expand exponentially.
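From the defender's side, the brute-force pattern described above leaves a clear trace in the SSH daemon's authentication log: a burst of failed password attempts from one source, sometimes followed by a successful password login from that same source. The following detector is an added example written for this page, not code from the original article or from the malware; it assumes standard syslog-format sshd lines, and the log lines, the five-failures-per-minute threshold and the IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (syslog format); not taken from a real incident.
SAMPLE_LOG = """\
Aug 20 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 51234 ssh2
Aug 20 10:00:02 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
Aug 20 10:00:03 host sshd[1003]: Failed password for root from 203.0.113.5 port 51236 ssh2
Aug 20 10:00:04 host sshd[1004]: Failed password for invalid user oracle from 203.0.113.5 port 51237 ssh2
Aug 20 10:00:05 host sshd[1005]: Failed password for root from 203.0.113.5 port 51238 ssh2
Aug 20 10:00:06 host sshd[1006]: Accepted password for root from 203.0.113.5 port 51239 ssh2
Aug 20 10:00:07 host sshd[1007]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Aug 20 10:00:09 host sshd[1008]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
"""

# Matches both "Failed password for root from ..." and "Failed password for invalid user admin from ...".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse(log_text, year=2020):
    """Turn sshd log text into (timestamp, ip, user, result, method) tuples; syslog lines carry no year."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"], m["result"], m["method"]))
    return events

def detect(events, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: verdict}: 'bruteforce' once an IP logs `threshold` failures inside `window`,
    upgraded to 'compromised' if a password login later succeeds from that same IP."""
    failures = defaultdict(list)
    verdicts = {}
    for ts, ip, _user, result, method in sorted(events):
        if result == "Failed":
            # Keep only failures inside the sliding window before counting.
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= threshold:
                verdicts.setdefault(ip, "bruteforce")
        elif method == "password" and verdicts.get(ip) == "bruteforce":
            verdicts[ip] = "compromised"
    return verdicts

if __name__ == "__main__":
    print(detect(parse(SAMPLE_LOG)))  # {'203.0.113.5': 'compromised'}
```

A single failed login from a legitimate user (198.51.100.7 above) stays below the threshold, while the 'compromised' verdict is the one that warrants an immediate response, since it means a weak password was actually guessed.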

The active FritzFrog payload has its functionality spread among several separate threads that handle different tasks:

  • Cracker – Brute-forces SSH passwords.
  • DeployMgmt – Transfers the BLOBs to systems that have been breached successfully.
  • Owned – Registers the infected system with the peer-to-peer network that FritzFrog uses.
  • Antivir – Looks for CPU-intensive processes and terminates them, focusing on processes related to XMR/Monero mining.
  • Libexec – A mining module that mines the Monero cryptocurrency.

It is estimated that the FritzFrog botnet has already tried to brute-force the SSH servers of millions of networks, and this number is likely to continue to grow rapidly unless the operation is terminated. Malware is evolving constantly, and companies and users worldwide need to take the required security measures to keep their networks safe from harmful intruders.
