A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide
2020-08-19 03:16

Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer botnet written in Golang that has been actively targeting SSH servers since January 2020.

Called "FritzFrog," the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according to a report released by Guardicore Labs today.

A Fileless P2P Botnet

Although Golang-based botnets have been observed before, such as Gandalf and GoBrut, FritzFrog appears to share some similarities with Rakos, another Golang-based Linux backdoor that was previously found to infiltrate target systems via brute-force attempts at SSH logins.

The attacker node in the botnet first latches onto a specific victim over SSH and then uses the NETCAT utility to establish a connection with a remote server.

"We recommend choosing strong passwords and using public key authentication, which is much safer. Routers and IoT devices often expose SSH and are thus vulnerable to FritzFrog - consider changing their SSH port or completely disabling SSH access to them if the service is not in use."
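One way to check a server against the recommendation above is to audit its sshd_config for password logins. The following is an added example, not code from the article or from Guardicore Labs; the function names and the sample configuration are constructed for illustration, the defaults are those of upstream OpenSSH (a distribution may patch them), and `Include` files and keyboard-interactive settings are not examined.

```python
import re

# Upstream OpenSSH defaults used when a keyword is absent (assumption:
# the distribution has not changed them).
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}

def parse_sshd_config(text):
    """Return (global settings, Match-block settings) from sshd_config text."""
    global_cfg, overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            match = value  # later lines apply only under this condition
        elif match is None:
            global_cfg.setdefault(key, value.lower())  # first value wins
        else:
            overrides.append((match, key, value.lower()))
    return global_cfg, overrides

def audit(text):
    """List settings that leave the server open to password guessing."""
    cfg, overrides = parse_sshd_config(text)
    eff = {k: cfg.get(k, default) for k, default in DEFAULTS.items()}
    findings = []
    if eff["passwordauthentication"] == "yes":
        findings.append("password logins enabled globally")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("public key authentication disabled")
    if eff["permitrootlogin"] == "yes":
        findings.append("root login permitted with any enabled method")
    for criteria, key, value in overrides:
        if key == "passwordauthentication" and value == "yes":
            findings.append(f"password logins re-enabled for: Match {criteria}")
    return findings

# Constructed sample: the second PasswordAuthentication line is ignored by
# sshd, and the Match block quietly re-enables passwords for one account.
SAMPLE = ("PasswordAuthentication no\nPasswordAuthentication yes\n"
          "PermitRootLogin yes\nMatch User backup\n    PasswordAuthentication yes\n")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a live host, `sshd -T` prints the effective configuration after includes and defaults are resolved and is the authoritative check.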


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/GJQ7iHkp6oo/p2p-botnet-malware.html