Researchers have uncovered a new peer-to-peer (P2P) botnet malware, "FritzFrog", that targets SSH servers around the world.
FritzFrog has breached nearly 500 SSH servers; it has also infected many universities in the U.S. and Europe and a railway company, in an attempt to plant crypto-mining malware.
FritzFrog was detected via Guardicore sensors, and it has infected banks, medical centers, administrative offices, educational institutions, and telecom firms.
SSH servers are widespread in business and consumer environments: they are software components found on routers, IoT devices and other machines that use the Secure Shell protocol to accept connections from remote computers.
FritzFrog is one of the most advanced and sophisticated P2P botnets, and it has been continuously breaching SSH servers worldwide since January. It has a decentralized architecture, with control shared between all of its nodes.
FritzFrog is written in the Go programming language, runs entirely in memory, and leaves no traces on disk. P2P communication takes place over an encrypted channel, using AES for symmetric encryption and the Diffie-Hellman protocol for key exchange.
- FritzFrog is an advanced peer-to-peer (P2P) botnet.
- FritzFrog is Go-based malware.
- FritzFrog is actively targeting government and administrative offices, education, finance, telecom companies, medical centers, and more.
- FritzFrog is a sophisticated and unique botnet.
- Guardicore Labs has written a custom program in Go that can intercept FritzFrog's P2P communication and join the network as a peer.
Fileless, Serverless yet so efficient
FritzFrog assembles and runs its malicious payload in memory, which makes it fileless. Its custom P2P implementation means there is no single Command & Control (C&C) server sending instructions to FritzFrog.
According to the Guardicore report, FritzFrog is a decentralized and self-sufficient botnet that was detected using their honeypot network. The researchers have also created an interceptor, written in Go and named frogger, that can take part in the malware's key-exchange process and both send and receive commands.
Guardicore has recommended several mitigations, which users should follow:
- Choose a strong, robust password, and use public key authentication.
- Use a reliable antivirus tool.
- Review and change the SSH port, or disable SSH access if the service is not in use.
The researchers also provided a simple script that can be used to detect FritzFrog infections; both the script and a list of FritzFrog IoCs have been posted on GitHub.
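As an added illustration (this is not Guardicore's detection script, which is not reproduced here), the check below flags Linux processes whose main executable no longer exists on disk, the usual footprint of an in-memory payload like the one described above. It reads the standard /proc layout; the sample tree it builds for testing is constructed, and the process names in it are invented.

```python
import os
import sys
import tempfile
from pathlib import Path


def read_text(path):
    """Read a small /proc file; return '' if it is unreadable."""
    try:
        return Path(path).read_text(errors="replace").strip()
    except OSError:
        return ""


def find_fileless_processes(proc_root="/proc"):
    """Return [(pid, comm, exe_target)] for processes whose main executable
    is not a regular file on disk: the kernel appends ' (deleted)' to the
    /proc/<pid>/exe link when the binary was unlinked after exec, and a
    memfd-backed binary shows up as '/memfd:... (deleted)'."""
    findings = []
    for entry in os.scandir(proc_root):
        if not entry.name.isdigit():
            continue
        try:
            target = os.readlink(os.path.join(entry.path, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or no privilege
        comm = read_text(os.path.join(entry.path, "comm"))
        # Paths resolve in the scanner's mount namespace, so a containerized
        # process can look "missing" from the host: verify hits before acting.
        if target.endswith(" (deleted)") or not os.path.isfile(target):
            findings.append((int(entry.name), comm, target))
    return sorted(findings)


def build_sample_proc():
    """Constructed sample /proc tree (not a real system): one benign process
    and one whose binary was unlinked after it started."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    for pid, comm, exe in (
        ("42", "python3", sys.executable),                   # real, on disk
        ("1234", "updater", "/tmp/updater-x9 (deleted)"),    # unlinked after exec
    ):
        d = os.path.join(root, pid)
        os.makedirs(d)
        os.symlink(exe, os.path.join(d, "exe"))
        Path(d, "comm").write_text(comm + "\n")
    return root


if __name__ == "__main__":
    for pid, comm, exe in find_fileless_processes():
        print(f"{pid}\t{comm}\t{exe}")
```

Run it as root to see every process; unprivileged runs silently skip processes whose exe link cannot be read.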