Tag Archive for: FritzFrog

FritzFrog Botnet Strikes Back Exploiting Log4Shell Vulnerability


A new variant of the sophisticated botnet “FritzFrog” has emerged, leveraging the Log4Shell vulnerability for propagation. Despite more than two years passing since the Log4j flaw was discovered, attackers continue to exploit it effectively due to many organizations neglecting to patch their systems. Notably, the botnet appears to target seemingly secure sections of internal networks where patches may be lacking.


Understanding FritzFrog Botnet


Initially identified by Guardicore (now part of Akamai) in August 2020, FritzFrog operates as a peer-to-peer (P2P) botnet, primarily targeting internet-facing servers with weak SSH credentials. The Log4Shell vulnerability (CVE-2021-44228), which gained widespread attention due to its critical nature, is now being exploited by FritzFrog as a secondary infection vector. Unlike its previous strategies that focused on targeting internet-facing servers, this variant takes aim at internal hosts within compromised networks. This shift underscores the importance of comprehensive patch management practices, as even seemingly less vulnerable internal systems can become prime targets for exploitation.

A noteworthy enhancement in this variant is that it identifies potentially vulnerable targets within the network by analyzing system logs on compromised hosts. This means that even if internet-facing applications have been patched, a breach of any other endpoint can still expose unpatched internal systems to exploitation and allow the malware to spread. Additionally, the malware now exploits the PwnKit vulnerability (CVE-2021-4034) for local privilege escalation, further enhancing its persistence and reach.

Moreover, the FritzFrog botnet employs evasion tactics, including minimizing its footprint by avoiding file drops to disk whenever possible. By using shared memory locations and executing memory-resident payloads, it maintains a stealthy presence that complicates detection and mitigation efforts.


Conclusion


Akamai, a leading web infrastructure and security company, has dubbed this latest activity as Frog4Shell, highlighting the convergence of FritzFrog’s capabilities with the…

Source…

FritzFrog Botnet Exploits Log4Shell – BankInfoSecurity


Governance & Risk Management, Patch Management

Botnet Looks for Vulnerable Internal Network Machines

FritzFrog Botnet Exploits Log4Shell
Log4Shell strikes again. (Image: Shutterstock)

Delivering more proof that the Log4Shell vulnerability is endemic, Akamai researchers detected botnet malware updated to use the flaw as an infection vector, supplementing its usual remote login brute force technique.


Akamai Security Intelligence Group observed the shift in the FritzFrog botnet, first documented in 2020.

Log4Shell, tracked as CVE-2021-44228, burst into public awareness in late 2021 when security researchers identified a flaw in the ubiquitous Apache Log4J 2 Java library. A panel of U.S. public and private sector security experts in mid-2022 warned that patching every vulnerable Log4j instance would likely take a decade “or longer” (see: Log4j Flaw Is ‘Endemic,’ Says Cyber Safety Review Board).

To spread their malware, FritzFrog operators exploit the fact that system administrators give lower priority to patching internal network machines. Internet-facing applications are an obvious priority for patching. But unpatched internal machines can still be a risk, the researchers said. FritzFrog looks for subnets and targets possible addresses within them.

“This means that even if the ‘high-profile’ internet-facing applications have been patched, a breach of any asset in the network by FritzFrog can expose unpatched internal assets to exploitation,” they said.

To trigger the Log4Shell vulnerability, FritzFrog forces an application to log data containing a…

Source…

FritzFrog Botnet Exploits Log4Shell – GovInfoSecurity


Source…

FritzFrog malware attacks Linux servers over SSH to mine Monero – BleepingComputer

  1. FritzFrog malware attacks Linux servers over SSH to mine Monero  BleepingComputer
  2. A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide  Internet
  3. Monero Cryptojacking Malware Targets Higher Education  Cointelegraph
  4. FritzFrog Botnet Attacks Millions of SSH Servers  Threatpost
  5. ‘Highly Professional’ Cryptojacking Malware Targets Banking, Education Sectors  Finance Magnates
