A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide
Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer botnet written in Golang that has been actively targeting SSH servers since January 2020.
Called "FritzFrog," the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according to a report released by Guardicore Labs today.
A Fileless P2P Botnet
Although Golang-based botnets have been observed before, such as Gandalf and GoBrut, FritzFrog appears to share some similarities with Rakos, another Golang-based Linux backdoor that was previously found to infiltrate target systems via brute force attempts at SSH logins.
The attacker node in the botnet first latches onto a specific victim over SSH and then uses the NETCAT utility to establish a connection with a remote server.
"We recommend choosing strong passwords and using public key authentication, which is much safer. Routers and IoT devices often expose SSH and are thus vulnerable to FritzFrog - consider changing their SSH port or completely disabling SSH access to them if the service is not in use."
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/GJQ7iHkp6oo/p2p-botnet-malware.html