According to Check Point, the “FreakOut” malware attack is exploiting “newest vulnerabilities.”
Cybersecurity researchers identify vulnerabilities regularly, some serious, some not. In the latest case, researchers from Check Point have discovered a range of attacks against Linux devices.
Dubbed FreakOut, the malware attack is being carried out to create an IRC botnet. It is worth noting that an IRC botnet is a collection of machines infected with malware that can be controlled remotely via an IRC channel.
The campaign is the work of a threat actor named “freak,” and the botnet in question would allow attackers to perform malicious tasks such as brute-forcing attacks, network sniffing, killing processes, crypto-mining, and DDoS attacks.
Delving into the details, the campaign is not aimed at the masses but takes a targeted approach in which it only attacks systems running the TerraMaster operating system, Zend Framework, or Liferay Portal. What’s troubling is that all three have a significant number of users globally.
According to researchers, once a device has become a victim, it becomes a part of the attack chain, which, in the words of the researchers, results in “making the attack flow recursive”.
The vulnerabilities targeted by the malware include:
CVE-2020-28188 – targeting TerraMaster
CVE-2021-3007 – targeting Zend
CVE-2020-7961 – targeting Liferay Portal
In the attack, the threat actor first runs certain operating system commands in order to upload a malicious Python script to the victim device. This scri ..