Sophisticated P2P Botnet Targeting SSH Servers

'FritzFrog' is fileless, uses its own proprietary P2P implementation, and has breached at least 500 servers so far, Guardicore says.

Researchers at Guardicore Labs have discovered a sophisticated peer-to-peer (P2P) botnet actively targeting SSH servers worldwide since at least January 2020.


The botnet, dubbed FritzFrog, has been observed attempting to brute-force and spread to tens of millions of IP addresses including those belonging to government offices, banks, telecom companies, medical centers, and educational institutions. So far, FritzFrog has breached at least 500 SSH servers at multiple well-known universities in the US and Europe and one railway company, according to Guardicore.


Like other P2P botnets, FritzFrog has no centralized command-and-control infrastructure. Instead, control is distributed among all nodes on the network: each node can select and attack targets, and the nodes communicate with and update one another over an encrypted channel. Security experts consider such botnets much harder to take down than centralized ones because there is no single point of failure or single point of control.


Several features, though, make FritzFrog different from — and more dangerous than — other botnets. The malware, written in the Go programming language, operates completely in memory: it assembles and executes payloads and shares files entirely in memory, so it leaves no traces on disk.


Each node on the FritzFrog botnet stores a constantly updated database of targets, breached machines, and peers. Guardicore's analysis shows that no two nodes on the botnet attempt to attack the same target machine. Instead, they use a sort of "vote-casting" process to distribute targets evenly across the network, the security vendor says. Once on a system, the malware drops a backdoor that allows attackers to potentially regain access to a compromised machine even if the ..
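Two checks a defender can run against the behaviours described above (SSH password brute-forcing, and a binary that runs only from memory), as an added example that is not from the article or from Guardicore. The sshd log lines are constructed, the failure threshold is an assumption, and the /proc scan is Linux-only and relies on the kernel appending " (deleted)" to the exe link of an unlinked binary.

```python
import os
import re
from collections import defaultdict
# OpenSSH's failed-login syslog line (standard sshd format assumed).
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+")

# Constructed sample auth.log lines; not real FritzFrog traffic.
SAMPLE_LOG = """\
Aug 19 10:01:02 host sshd[2001]: Failed password for root from 203.0.113.5 port 51022 ssh2
Aug 19 10:01:03 host sshd[2002]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Aug 19 10:01:04 host sshd[2003]: Failed password for root from 203.0.113.5 port 51024 ssh2
Aug 19 10:01:09 host sshd[2004]: Accepted publickey for deploy from 198.51.100.7 port 40110 ssh2
Aug 19 10:02:11 host sshd[2005]: Failed password for root from 198.51.100.9 port 40111 ssh2
"""

def failed_logins_by_source(log_text):
    """Per source IP: (number of password failures, sorted usernames tried)."""
    counts, users = defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
    return {ip: (counts[ip], sorted(users[ip])) for ip in counts}

def brute_force_sources(log_text, threshold=3):
    """Source IPs at or above the failure threshold (assumed value), worst offender first."""
    stats = failed_logins_by_source(log_text)
    hits = [(ip, n, u) for ip, (n, u) in stats.items() if n >= threshold]
    return sorted(hits, key=lambda h: -h[1])

def deleted_exe_processes(exe_links):
    """PIDs whose /proc/<pid>/exe target was unlinked: the binary now exists only in memory."""
    return sorted(pid for pid, target in exe_links.items() if target.endswith(" (deleted)"))

def scan_proc(proc="/proc"):
    """Read /proc/<pid>/exe for every live process (Linux only; needs permission)."""
    links = {}
    for name in os.listdir(proc):
        if name.isdigit():
            try:
                links[int(name)] = os.readlink(os.path.join(proc, name, "exe"))
            except OSError:  # kernel threads, exited processes, or not ours to inspect
                pass
    return links

if __name__ == "__main__":
    for ip, n, users in brute_force_sources(SAMPLE_LOG):
        print(f"{ip}: {n} failures, users tried {users}")
    print("memory-resident binaries (pids):", deleted_exe_processes(scan_proc()))
```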
