FritzFrog Botnet is Back With More Capabilities and Targets

After being dormant for a while, the FritzFrog botnet is now back with an updated version. This time, FritzFrog added a number of new features and more victims to it’s list.

As spotted by the Akamai researchers, FritzFrog v2 now has victims worldwide. The botnet is seen having capabilities to hit WordPress sites, and also inject ransomware, and leak data from the Infected systems. As it’s a growing threat, researchers warned people to be vigilant and shared tips to safeguard themselves.

FritzFrog is Back With a Bang

FritzFrog was first discovered in 2020, where it’s touted as a new-age botnet network for all its novel features. These include using a P2P system for linking and communicating with other devices in the botnet, thus no centralized management server.

And it comes with a node distribution system to assign an equal number of targets to each node, thereby balancing the overall botnet operations. FritzFrog even got a filtering system to skip any low-powered devices (like Raspberry Pi) and target only high-end resource-intensive systems for more power.

Now, researchers at Akamai noted that FritzFrog has surfaced with new capabilities, and hitting more targets than ever. The botnet is seen actively adding devices around the world, with the rate of 10X in just a month, when compared to its previous operation.

FritzFrog victims

FritzFrog targets SSH servers that are left exposed and brute-forces them with an extensive set of credentials to compromise. Taking over an SSH server means adding all the devices connected to it too. What’s triggering is the bunch of new tools the botnet has added.

Researchers noted support to target WordPress sites, and even use Tor proxy for outgoing SSH connections, thereby hiding its network structure. It’s being constantly under development, with the Malware developers adding new features and fixing bugs almost every day!

As of now, FritzFrog is being used for mining cryptocurrency, but there’s support for leaking data and injecting ransomware into the compromised devices too. As it’s in the wild actively exploiting vulnerable systems, researchers shared the following tips to be secure;

  • Enable system login auditing with alerting
  • Monitor the authorized_hosts file on Linux
  • Configure explicitly allow list of SSH login
  • Disable root SSH access
  • Enable cloud-based DNS protection with threats and unrelated business applications such as coin mining set to block.

Other Trending News:-  News

LEAVE A REPLY

Please enter your comment!
Please enter your name here