Fileless worm builds cryptomining, backdoor-planting P2P botnet
2020-08-19 12:28

A fileless worm dubbed FritzFrog has been found roping Linux-based devices with SSH servers - corporate servers, routers and IoT devices - into a P2P botnet whose apparent goal is to mine cryptocurrency.

At the same time, the malware creates a backdoor on the infected machines, allowing attackers to access them at a later date even if the SSH password has been changed in the meantime.

FritzFrog is a modular, multi-threaded and fileless SSH internet worm that attempts to grow a P2P botnet by breaking into public IP addresses, ignoring known ranges reserved for private addresses.

It tunnels its P2P commands over the standard SSH port by running a local netcat client on the infected machines.

Consider changing routers' and IoT devices' SSH port or completely disabling SSH access to them if the service is not needed.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/3WsoBDtixAQ/