FritzFrog, a new-age botnet discovered in 2020, is back with innovative techniques to exploit open SSH servers and use them for various purposes.
The botnet malware is adding capabilities and more victims to its list, with Akamai researchers noting a 10X growth in the last month! While it's currently used for cryptocurrency mining, it also carries capabilities for leaking data and injecting ransomware that are inactive for now.
A New-Age Botnet in the Wild
After being inactive for a couple of years, FritzFrog is back with a bang. Having resurfaced with new capabilities, the botnet has been hitting numerous targets in a span of weeks. Akamai researchers describe FritzFrog as a new-age botnet because of its novel forms of operation.
The botnet uses a P2P method to grow and communicate, so it needs no centralized management server. It's also said to use a Tor proxy for outgoing SSH connections, which hides the network structure. And it's said to be under active development by its makers, who add new features regularly and patch any known bugs daily!
FritzFrog is said to target open SSH servers through brute-force attacks. All the devices using the infected SSH server will be compromised too. The botnet also has a dedicated node distribution system that assigns an equal number of targets to each node, balancing the overall botnet.
It also has a filtering system to skip low-powered devices like Raspberry Pi boards, and is even preparing to add support for hitting WordPress sites. While it's currently used for mining cryptocurrency, FritzFrog has facilities to inject ransomware and to leak data from infected systems.
As it's seen as a growing threat, Akamai has listed the following defense tips to safeguard one's systems:
- Enable system login auditing with alerting
- Monitor the authorized_hosts file on Linux
- Configure an explicit allow list for SSH logins
- Disable root SSH access
- Enable cloud-based DNS protection with threats and unrelated business applications such as coin mining set to block
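
As an added example (not from Akamai or the original article), the following Python sketch audits an sshd_config for two of the tips above: root SSH access disabled and an explicit login allow list. The sample configs are constructed, the function names are hypothetical, and `Include` files are not followed.

```python
import re

# Constructed sample configs (not taken from any real host).
WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED = """\
# sshd keeps the first value it reads, so the second PermitRootLogin is ignored
PermitRootLogin no
AllowUsers deploy admin
PermitRootLogin yes
Match Address 10.0.0.0/8
    PermitRootLogin prohibit-password
"""

def parse(text):
    """Split config into global settings (first value wins) and Match-block overrides."""
    global_cfg, overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            match = value                      # later lines belong to this block
        elif match is None:
            global_cfg.setdefault(key, value)  # keep the first occurrence only
        else:
            overrides.append((match, key, value))
    return global_cfg, overrides

def audit(text):
    """Return a list of findings for the root-login and allow-list tips."""
    cfg, overrides = parse(text)
    findings = []
    # OpenSSH's default when the keyword is absent is prohibit-password.
    root = cfg.get("permitrootlogin", "prohibit-password").lower()
    if root != "no":
        findings.append(f"root login not disabled (PermitRootLogin {root})")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups allow list")
    for match, key, value in overrides:
        if key == "permitrootlogin" and value.lower() != "no":
            findings.append(f"Match {match} re-enables root login ({value})")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```

The hardened sample still produces one finding: its Match block overrides the global setting for connections from that address range, which a check of the global section alone would miss.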