Bot ‘FreakOut’ leverages three critical vulnerabilities to attack Linux systems | SC Media

Bot ‘FreakOut’ leverages three critical vulnerabilities to attack Linux systems | SC Media

Oracle Co-Founder Larry Ellison delivers a keynote address at the Oracle OpenWorld conference in 2006. Researchers discovered a new Internet Relay Chat (IRC) bot Tuesday that exploited three vulnerabilities to launch distributed denial of service attacks, cryptomining and other security lapses on Linux systems. (Justin Sullivan/Getty Images)

Researchers discovered a new Internet Relay Chat (IRC) bot Tuesday that exploited three vulnerabilities to launch distributed denial of service attacks, cryptomining and other security lapses on Linux systems.


Dubbed “FreakOut” by CheckPoint researchers, stemming from the name Freak, the code author’s name, the bot activated in November 2020 and has been running ever since with 300 current users and five channels. One active channel called #update includes 186 exploited devices that communicate with the IRC server.


Based on the malware features, the researchers said the attackers use the compromised systems for further attacks, spreading laterally across the victim company’s network, or launching attacks on outside targets while masquerading as the compromised company. 


The attacks use these three vulnerabilities to take aim at devices that run on the following:


CVE-2020-28188: TerraMaster Operating System, used to manage TerraMaster network attached storage servers.
 CVE-2021-3007: Zend Framework, used to build web applications and services using PHP, with more than 570 million installations.
  freakout leverages three critical vulnerabilities attack linux systems media