Guardicore Labs explains that FritzFrog uses a brute-force attack on millions of addresses to gain access to servers.
According to a study published by Guardicore Labs, a malware botnet known as FritzFrog has been deployed to ten millions of IP addresses. The malware has largely targeted governmental offices, educational institutions, medical centers, banks, and telecommunication companies, installing a Monero (XMR) mining app known as XMRig.
Guardicore Labs explains that FritzFrog uses a brute-force attack on millions of addresses to gain access to servers. That’s where an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly.
After it gets in it proceeds to run a separate process named “libexec” to execute XMRig.
“It has successfully breached over 500 SSH servers, including those of known high-education institutions in the U.S. and Europe, and a railway company.”
The cybersecurity firm said that FritzFrog appears to be a one-of-its-kind malware, and that it was a “complicated task” to track it as the connections were hidden within a peer-to-peer (P2P) network.
Ophir Harpaz, a researcher at Guardicore Labs, commented:
“Unlike other P2P botnets, FritzFrog combines a set of properties that makes it unique: it is fileless, as it assembles and executes payloads in-memory. It is more aggressive in its brute-force attempts, yet stays efficient by distributing targets evenly within the network.”
Harpaz recommends choosing strong passwords and using public-key authentication, “which is much safer,” to avoid being attacked successfully by a cryptojacking malware like FritzFrog.
Recently, cybersecurity researchers at Cado Security detected what they believe to be the first-ever stealth crypto mining campaign to steal Amazon Web Services (AWS) credentials, named TeamTNT, which also deploys the XMR mining app.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.