FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors
A peer-to-peer Golang botnet has resurfaced after more than a year to compromise servers belonging to entities in the healthcare, education, and government sectors within a span of a month, infecting a total of 1,500 hosts.
The botnet is dubbed FritzFrog. "The decentralized botnet targets any device that exposes an SSH server - cloud instances, data center servers, routers, etc. - and is capable of running any malicious payload on infected nodes," Akamai researchers said in a report shared with The Hacker News.
FritzFrog was first documented in August 2020 by Guardicore, which described the botnet's ability to strike and infect more than 500 servers across Europe and the U.S. since January that year.
What's more, the reappearance of the botnet has been accompanied by new additions to its functionality, including the usage of a proxy network and the targeting of WordPress servers.
The infection chain propagates over SSH to drop a malware payload that then executes instructions received from the C2 server to run additional malware binaries as well as gather system information and files, before exfiltrating them back to the server.
A second piece of information linking the malware to China stems from the fact that one of the new wallet addresses employed for crypto mining was also used as part of the Mozi botnet campaign, whose operators were arrested in China last September.
News URL
https://thehackernews.com/2022/02/fritzfrog-p2p-botnet-attacking.html