Researchers have uncovered a new peer-to-peer (P2P) botnet malware, “FritzFrog”, that has targeted SSH servers around the world.

FritzFrog has breached nearly 500 SSH servers; it has also infected many universities in the U.S. and Europe and a railway company in an attempt to plant crypto-mining malware.

FritzFrog has been detected via G sensors, and it has infected banks, medical centers, administrative offices, educational institutions, and telecom firms.

SSH servers are very popular in business and consumer ecosystems: they are pieces of software found in routers, IoT devices, and other machines, and they use the Secure Shell (SSH) protocol to accept connections from remote computers.



FritzFrog is a highly advanced and sophisticated peer-to-peer (P2P) botnet that has been continuously breaching SSH servers worldwide since January. It has a decentralized infrastructure and distributes control among all its nodes.

FritzFrog is written in the Go (Golang) programming language, is volatile, and leaves no traces on disk. P2P communication takes place over an encrypted channel, using AES for symmetric encryption and the Diffie-Hellman protocol for key exchange.

  • FritzFrog is an advanced peer-to-peer (P2P) botnet.
  • FritzFrog is Golang-based malware.
  • FritzFrog is actively targeting government, education, finance, various telecom companies, medical centers, governmental offices, and more.
  • FritzFrog is a sophisticated and exclusive botnet.
  • Guardicore Labs has produced a client program in Golang that can intercept FritzFrog’s P2P communication and join the network as a peer.

Fileless, Serverless yet so efficient

FritzFrog assembles and executes the malicious payload in memory, which makes it volatile. The custom P2P implementation means that there is no single Command & Control (C&C) server sending instructions to FritzFrog.

According to the Guardicore report, FritzFrog is a decentralized and self-sufficient botnet that was detected using their honeypot network. Moreover, the researchers have created an interceptor written in Golang, named frogger. It can take part in the malware’s key-exchange process, and it can both receive and send commands.



Guardicore has recommended the following mitigations for users:

  • Choose a strong password, and use public key authentication.
  • Use a reliable antivirus tool.
  • Review and change the SSH port, or disable SSH access if the service is not in use.

The researchers also provided a simple script that can be used to detect FritzFrog infections; both the script and a list of FritzFrog IoCs have been posted on GitHub.
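The password, public-key and port mitigations above can be checked against a server's sshd_config. The following is an added example, not Guardicore's detection script or code from the report; the finding names and sample configurations are constructed for illustration, and Include directives are assumed not to be in use.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from sshd_config.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}

def parse_sshd_config(text):
    """Split config text into global settings, listening ports, Match overrides."""
    settings, ports, overrides, in_match = {}, [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9]+)[\s=]+(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            in_match = True                  # everything below is conditional
        elif in_match:
            overrides.append((key, value))
        elif key == "port":
            ports.append(value)              # sshd listens on every Port given
        else:
            settings.setdefault(key, value)  # sshd keeps the FIRST value seen
    return settings, ports or ["22"], overrides

def audit(text):
    """Return findings for the password, public-key and port mitigations."""
    settings, ports, overrides = parse_sshd_config(text)
    eff = {**DEFAULTS, **settings}
    findings = []
    if eff["passwordauthentication"].lower() != "no":
        findings.append("password-auth-enabled")
    if eff["pubkeyauthentication"].lower() != "yes":
        findings.append("pubkey-auth-disabled")
    if "22" in ports:
        findings.append("default-port-22")
    if any(k == "passwordauthentication" and v.lower() == "yes" for k, v in overrides):
        findings.append("password-auth-enabled-in-match-block")
    return findings

# Constructed sample: the trailing "no" is ignored because the first value wins.
SAMPLE_FIRST_WINS = "PasswordAuthentication yes\nPubkeyAuthentication yes\nPasswordAuthentication no\n"
# Constructed sample: hardened globally, but a Match block re-enables passwords.
SAMPLE_MATCH = "Port 2222\npasswordauthentication=no\nMatch Address 10.0.0.0/8\n  PasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, cfg in (("first-wins", SAMPLE_FIRST_WINS), ("match", SAMPLE_MATCH)):
        print(name, audit(cfg))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; this parser is for reviewing config files offline.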


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.