Beware of FritzFrog Malware | Avast

David Strom, 2 September 2020

FritzFrog has been found in various networks since the beginning of the year



A new form of peer-to-peer (P2P) malware has been discovered that sets a new bar for nastiness. Called FritzFrog, it has been found in various networks since the beginning of the year. Why is it so noteworthy? Several reasons: it is fileless, operates in a completely decentralized way, was written from scratch, is frequently updated and enhanced, and hasn’t yet been claimed by any known threat actor. Let’s examine each of these points.
Fileless malware uses code that already exists on the average Windows endpoint, such as PowerShell, Windows Management Instrumentation and Visual Basic. (There are Linux fileless cases too, and Linux is what FritzFrog runs on.) I have a more complete explanation in a blog post that I wrote for Security Intelligence. It is nasty because nothing that uniquely identifies the malware is left on the endpoint, and it can persist after a reboot under special circumstances. To hide itself, it runs under the executable names of common programs such as ifconfig and nginx, which seem benign at first glance because they are the names of legitimate Linux tools.
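A defender can check for the hiding technique described above by comparing each process name with the executable behind it. The following is an added example, not code from the article or from the researchers: it walks a `/proc`-style tree and flags processes named ifconfig or nginx whose executable no longer exists on disk or sits outside the expected install locations. The expected paths, the function names and the sample process tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Names the article says FritzFrog borrows. The install paths are assumptions
# for a typical distribution; adjust them for the hosts being audited.
EXPECTED_PATHS = {
    "ifconfig": {"/sbin/ifconfig", "/usr/sbin/ifconfig", "/usr/bin/ifconfig"},
    "nginx": {"/usr/sbin/nginx", "/usr/local/nginx/sbin/nginx"},
}

def audit_processes(proc_root="/proc"):
    """Return (pid, name, exe, reason) for processes using a watched name
    whose executable is missing from disk or not in an expected location."""
    findings = []
    pids = sorted(int(e) for e in os.listdir(proc_root) if e.isdigit())
    for pid in pids:
        base = os.path.join(proc_root, str(pid))
        try:
            with open(os.path.join(base, "comm")) as fh:
                name = fh.read().strip()
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            continue  # exited process, kernel thread, or insufficient privilege
        if name not in EXPECTED_PATHS:
            continue
        if exe.endswith(" (deleted)"):
            # The kernel appends this suffix when the backing file is gone.
            findings.append((pid, name, exe, "no backing file on disk"))
        elif exe not in EXPECTED_PATHS[name]:
            findings.append((pid, name, exe, "unexpected binary path"))
    return findings

def build_sample_proc(root):
    """Constructed sample data: a fake /proc tree with three processes."""
    sample = {
        101: ("nginx", "/usr/sbin/nginx"),        # legitimate
        202: ("nginx", "/tmp/nginx (deleted)"),   # name reused, file gone
        303: ("ifconfig", "/var/tmp/ifconfig"),   # name reused, odd path
    }
    for pid, (name, exe) in sample.items():
        os.makedirs(os.path.join(root, str(pid)))
        with open(os.path.join(root, str(pid), "comm"), "w") as fh:
            fh.write(name + "\n")
        os.symlink(exe, os.path.join(root, str(pid), "exe"))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_processes(build_sample_proc(tmp)):
            print(finding)
```

Run as root against the real `/proc` to see every process. A legitimate nginx that was upgraded in place also shows a "(deleted)" executable until it is restarted, so treat a hit as a lead to investigate rather than a verdict.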
FritzFrog’s code is also cleverly crafted. Many malware samples make use of existing open source code or well-known past attack patterns. This frog is more of a prince: it is unique. What is more troubling is that the researchers have cataloged 20 different versions since they found the first samples back in January. These new versions contain data about newly identified targets and about which endpoints have active running copies of the malware.
It also wa ..
