• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Home
  • Contact Us

iHash

News and How to's

  • KeepSolid SmartDNS: Lifetime Subscription for $59

    KeepSolid SmartDNS: Lifetime Subscription for $59
  • Passwarden PW Manager Lifetime Subscription for $79

    Passwarden PW Manager Lifetime Subscription for $79
  • VPN Unlimited: Lifetime Subscription for $89

    VPN Unlimited: Lifetime Subscription for $89
  • Dell Latitude 5401 14" Laptop i5-9400H 2.5GHz 16GB RAM 512GB SSD Windows 10 Pro (Refurbished) for $399

    Dell Latitude 5401 14" Laptop i5-9400H 2.5GHz 16GB RAM 512GB SSD Windows 10 Pro (Refurbished) for $399
  • Dell OptiPlex 7060 Micro Desktop Core i7-8700T 16GB RAM 512GB SSD Windows 10 Pro (Refurbished) for $369

    Dell OptiPlex 7060 Micro Desktop Core i7-8700T 16GB RAM 512GB SSD Windows 10 Pro (Refurbished) for $369
  • News
    • Rumor
    • Design
    • Concept
    • WWDC
    • Security
    • BigData
  • Apps
    • Free Apps
    • OS X
    • iOS
    • iTunes
      • Music
      • Movie
      • Books
  • How to
    • OS X
      • OS X Mavericks
      • OS X Yosemite
      • Where Download OS X 10.9 Mavericks
    • iOS
      • iOS 7
      • iOS 8
      • iPhone Firmware
      • iPad Firmware
      • iPod touch
      • AppleTV Firmware
      • Where Download iOS 7 Beta
      • Jailbreak News
      • iOS 8 Beta/GM Download Links (mega links) and How to Upgrade
      • iPhone Recovery Mode
      • iPhone DFU Mode
      • How to Upgrade iOS 6 to iOS 7
      • How To Downgrade From iOS 7 Beta to iOS 6
    • Other
      • Disable Apple Remote Control
      • Pair Apple Remote Control
      • Unpair Apple Remote Control
  • Special Offers
  • Contact us

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

Aug 19, 2020 by iHash Leave a Comment

Fileless P2P Botnet Malware

Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020.

Called “FritzFrog,” the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according to a report released by Guardicore Labs today.

“With its decentralized infrastructure, it distributes control among all its nodes,” Guardicore’s Ophir Harpaz said. “In this network with no single point-of-failure, peers constantly communicate with each other to keep the network alive, resilient and up-to-date.”

cybersecurity

In addition to implementing a proprietary P2P protocol that’s been written from scratch, the communications are done over an encrypted channel, with the malware capable of creating a backdoor on victim systems that grants continued access for the attackers.

A Fileless P2P Botnet

Although GoLang based botnets have been observed before, such as Gandalf and GoBrut, FritzFrog appears to share some similarities with Rakos, another Golang-based Linux backdoor that was previously found to infiltrate target systems via brute force attempts at SSH logins.

p2p malware

But what makes FritzFrog unique is that it’s fileless, meaning it assembles and executes payloads in-memory, and is more aggressive in carrying out brute-force attacks, while also being efficient by distributing the targets evenly within the botnet.

Once a target machine is identified, the malware performs a series of tasks involving brute-forcing it, infecting the machine with malicious payloads upon a successful breach, and adding the victim to the P2P network.

netcat ssh malware

To slip under the radar, the malware runs as ifconfig and NGINX, and begins listening on port 1234 to receive further commands for execution, including those for syncing the victim with the database of network peers and brute-force targets.

The commands themselves are transmitted to the malware through a series of hoops designed to avoid detection. The attacker node in the botnet first latches onto a specific victim over SSH and then uses the NETCAT utility to establish a connection with a remote server.

What’s more, the payload files are exchanged between nodes in BitTorrent-style, employing a segmented file transfer approach to send blobs of data.

“When a node A wishes to receive a file from its peer, node B, it can query node B which blobs it owns using the command getblobstats,” Harpaz said. “Then, node A can get a specific blob by its hash, either by the P2P command getbin or over HTTP, with the URL ‘https://node_IP:1234/blob_hash.’ When node A has all the needed blobs, it assembles the file using a special module named Assemble and runs it.”

p2p malware

Aside from encrypting and encoding the command responses, the malware runs a separate process, named “libexec,” to mine Monero coins and leaves a backdoor for future access to the victim by adding a public key to the SSH’s “authorized_keys” file so that logins can be authenticated without having to rely on the password again.

13,000 Attacks Spotted Since January

The campaign began on January 9, according to the cybersecurity firm, before reaching a cumulative of 13,000 attacks since its first appearance spanning across 20 different versions of the malware binary.

world map computer virus

Aside from targeting educational institutions, FritzFrog has been found to brute-force millions of IP addresses belonging to governmental organizations, medical centers, banks, and telecom companies.

Guardicore Labs has also made available a detection script that checks if a server has been infected by FritzFrog, along with sharing the other indicators of compromise (IoCs).

“Weak passwords are the immediate enabler of FritzFrog’s attacks,” Harpaz concluded. “We recommend choosing strong passwords and using public key authentication, which is much safer. Routers and IoT devices often expose SSH and are thus vulnerable to FritzFrog — consider changing their SSH port or completely disabling SSH access to them if the service is not in use.”

Source link

Share this:

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn

Filed Under: Security Tagged With: botnet, computer security, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, data breach, Fileless, hacker news, hacking news, how to hack, information security, Malware, network security, P2P, ransomware malware, Servers, software vulnerability, SSH, Targeting, the hacker news, Worldwide

Special Offers

  • KeepSolid SmartDNS: Lifetime Subscription for $59

    KeepSolid SmartDNS: Lifetime Subscription for $59
  • Passwarden PW Manager Lifetime Subscription for $79

    Passwarden PW Manager Lifetime Subscription for $79
  • VPN Unlimited: Lifetime Subscription for $89

    VPN Unlimited: Lifetime Subscription for $89
  • Dell Latitude 5401 14" Laptop i5-9400H 2.5GHz 16GB RAM 512GB SSD Windows 10 Pro (Refurbished) for $399

    Dell Latitude 5401 14" Laptop i5-9400H 2.5GHz 16GB RAM 512GB SSD Windows 10 Pro (Refurbished) for $399
  • Dell OptiPlex 7060 Micro Desktop Core i7-8700T 16GB RAM 512GB SSD Windows 10 Pro (Refurbished) for $369

    Dell OptiPlex 7060 Micro Desktop Core i7-8700T 16GB RAM 512GB SSD Windows 10 Pro (Refurbished) for $369

Reader Interactions

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

  • Facebook
  • GitHub
  • Instagram
  • Pinterest
  • Twitter
  • YouTube

More to See

Dotan Horovits

From Spotify to Open Source: The Backstory of Backstage

Jun 5, 2023 By iHash

Heard on the Street – 6/5/2023

Jun 5, 2023 By iHash

Tags

* Apple Cisco computer security cyber attacks cyber crime cyber news cybersecurity Cyber Security cyber security news cyber security news today cyber security updates cyber threats cyber updates data data breach data breaches google hacker hacker news Hackers hacking hacking news how to hack incident response information security iOS 7 iOS 8 iPhone Malware microsoft network security ransomware ransomware malware risk management Secure security security breaches security vulnerabilities software vulnerability the hacker news Threat update video web applications

Latest

KeepSolid SmartDNS: Lifetime Subscription for $59

Expires June 05, 2024 23:59 PST Buy now and get 70% off KEY FEATURES Seamless streaming made possible! SmartDNS is a solution to bypass geo-restrictions and access regionally blocked content on various streaming platforms and video services. By redirecting DNS queries through their SmartDNS servers, users can unlock access to content that is typically unavailable […]

Passwarden PW Manager Lifetime Subscription for $79

Expires June 04, 2024 23:59 PST Buy now and get 60% off KEY FEATURES Safe password manager for those who value security! Passwarden is a secure password manager that simplifies and strengthens your digital life by securely storing and managing all your passwords in one place. It utilizes strong AES-256 encryption algorithms to protect your […]

VPN Unlimited: Lifetime Subscription for $89

Expires June 04, 2024 23:59 PST Buy now and get 55% off KEY FEATURES VPN Unlimited is the ultimate solution for enhancing your online security and privacy. With top-notch encryption algorithms and over 3000 secure servers in 80+ locations worldwide, it effectively masks your IP address and protects your sensitive information from prying eyes. Whether […]

Dell OptiPlex 7060 Micro Desktop Core i7-8700T 16GB RAM 512GB SSD Windows 10 Pro (Refurbished) for $369

Expires May 05, 2123 18:30 PST Buy now and get 19% off KEY FEATURES The Dell Optiplex 7060 Micro Desktop is a solid workstation that is suitable for both home and business computing. it’s powered by Intel Core i7-8700T (8th Generation) with 2.4 GHz processor speed, making every task a breeze. It also comes with […]

Anker 313 Power Bank (PowerCore 10K) for $27

Expires May 30, 2123 05:12 PST Buy now and get 0% off PRODUCT SPECS Quality Throughout:Built adventure-tier touch with superior durability and scratch resistance, Anker 313 Power Bank (PowerCore 10K) is premium both inside and out. Slim Size, Big Power:One of the slimmest and lightest 10,000mAh portable chargers on the market. Provides 2.25 charges for […]

Secrets to successful engineering leadership from Elastic’s Simona Posea

Secrets to successful engineering leadership from Elastic’s Simona Posea

For Simona Posea, visualizing a career in technology came easily. “My mother was a role model, as she’s been working with computers since punch cards were a thing,” Simona laughs. “We had our first PC when I was six years old, and she taught us how to operate it. At the time, I would use […]

Jailbreak

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

  Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate.   Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

  Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

Copyright iHash.eu © 2023
We use cookies on this website. By using this site, you agree that we may store and access cookies on your device. Accept Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT