Ongoing ‘FreakOut’ malware attack turns Linux devices into IRC botnet


According to Check Point, the “FreakOut” malware attack is exploiting “newest vulnerabilities.”


Cybersecurity researchers identify vulnerabilities regularly, some serious, some not. In the latest case, researchers from Check Point have discovered a range of attacks against Linux devices.


Dubbed FreakOut, the malware attack is being carried out to create an IRC botnet. It is worth noting that an IRC botnet is a collection of machines infected with malware that can be controlled remotely via an IRC channel.


Operated by a threat actor named “freak,” the botnet in question would allow attackers to perform malicious tasks such as brute-force attacks, network sniffing, killing processes, crypto-mining, and DDoS attacks.


Delving into the details, the campaign is not aimed at the masses but takes a targeted approach in which it only attacks systems running the TerraMaster operating system, the Zend Framework, or Liferay Portal. What’s troubling is that all three have a significant number of users globally.

According to the researchers, once a device has been compromised, it becomes part of the attack chain, which, in the words of the researchers, results in “making the attack flow recursive”.


The vulnerabilities targeted by the malware include:


CVE-2020-28188 – targeting TerraMaster
CVE-2021-3007 – targeting Zend
CVE-2020-7961 – targeting Liferay Portal


In the attack, the threat actor first runs certain operating system commands in order to upload a malicious Python script to the victim device. This scri ..