Quote:The unique, advanced worming P2P botnet drops backdoors and cryptominers, and is spreading globally.
A peer-to-peer (P2) botnet called FritzFrog has hopped onto the scene, and researchers said it has been actively breaching SSH servers since January.
SSH servers are pieces of software found in routers and IoT devices, among other machines, and they use the secure shell protocol to accept connections from remote computers. SSH servers are common in enterprise and consumer environments alike.
According to an analysis from Guardicore Labs, FritzFrog propagates as a worm, brute-forcing credentials at entities like governmental offices, educational institutions, medical centers, banks and telecom companies.
FritzFrog has attempted to compromise tens of millions of machines so far, and has successfully breached more than 500 servers in total, Guardicore researcher Ophir Harpaz said. Victims include well-known universities in the U.S. and Europe, and a railway company; and the most-infected countries are China, South Korea and the U.S.
“FritzFrog executes a worm malware which is written in Golang, and is modular, multi-threaded and fileless, leaving no trace on the infected machine’s disk,” Harpaz explained, in a posting on Wednesday. Once the server is compromised, “the malware creates a backdoor in the form of an SSH public key, enabling the attackers ongoing access to victim machines.” It also can drop additional payloads, such as cryptominers.
Read more: https://threatpost.com/fritzfrog-botnet-...rs/158489/
![[-]](https://www.geeks.fyi/images/collapse.png)
