
FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Community

The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network.

“The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible,” web infrastructure and security company Akamai said in a report shared with The Hacker News.

FritzFrog, first documented by Guardicore (now part of Akamai) in August 2020, is a Golang-based malware that primarily targets internet-facing servers with weak SSH credentials. It is known to have been active since January 2020.

It has since evolved to strike the healthcare, education, and government sectors, and has improved its capabilities to ultimately deploy cryptocurrency miners on infected hosts.

What’s novel about the latest version is the use of the Log4Shell vulnerability as a secondary infection vector to specifically single out internal hosts rather than targeting vulnerable publicly accessible assets.


“When the vulnerability was first discovered, internet-facing applications were prioritized for patching because of their significant risk of compromise,” security researcher Ori David said.

“Conversely, internal machines, which were less likely to be exploited, were often neglected and remained unpatched — a circumstance that FritzFrog takes advantage of.”


This means that even if the internet-facing applications have been patched, a breach of any other endpoint can expose unpatched internal systems to exploitation and propagate the malware.

The SSH brute-force component of FritzFrog has also received a facelift of its own to identify specific SSH targets by enumerating several system logs on each of its victims.

Another notable change in the malware is the use of the PwnKit flaw tracked as CVE-2021-4034 to achieve local privilege escalation.

“FritzFrog continues to use tactics to remain hidden and avoid detection,” David said. “In particular, it takes special care to avoid dropping files to disk when possible.”


This is accomplished by means of the shared memory location /dev/shm, which has also been put to use by other Linux-based malware such as BPFDoor and Commando Cat, and memfd_create to execute memory-resident payloads.
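Both techniques leave traces in procfs that a defender can check for: a process started from a memfd_create descriptor shows an exe link of the form /memfd:name (deleted), and a payload run from /dev/shm shows executable mappings under that path. The following is an added, hypothetical detection helper written for this article, not code from Akamai's report; the sample maps lines and the memfd name are constructed.

```python
import os
import re
from typing import List

# Hypothetical helper (not from the Akamai report): flag processes whose main
# executable or executable mappings are backed by memfd or /dev/shm.
MEMFD_EXE_RE = re.compile(r"^/memfd:.*\(deleted\)$")
SHM_PREFIX = "/dev/shm/"

def inspect_process(pid: int, exe_target: str, maps_text: str) -> List[str]:
    """Return findings for one process, given the target of its /proc/<pid>/exe
    symlink and the text of its /proc/<pid>/maps."""
    findings = []
    if MEMFD_EXE_RE.match(exe_target):
        findings.append(f"pid {pid}: main executable is an anonymous memfd ({exe_target})")
    elif exe_target.startswith(SHM_PREFIX):
        findings.append(f"pid {pid}: main executable lives in shared memory ({exe_target})")
    for line in maps_text.splitlines():
        # maps format: address perms offset dev inode [pathname]
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue  # anonymous mapping, no backing path
        perms, path = parts[1], parts[5]
        if "x" in perms and (path.startswith(SHM_PREFIX) or path.startswith("/memfd:")):
            findings.append(f"pid {pid}: executable mapping backed by {path}")
    return findings

def scan_live_procfs() -> List[str]:
    """Apply inspect_process to every PID on the local host (needs read
    access to the target processes; unreadable ones are skipped)."""
    results = []
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        pid = int(name)
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            with open(f"/proc/{pid}/maps") as fh:
                maps = fh.read()
        except OSError:
            continue
        results.extend(inspect_process(pid, exe, maps))
    return results

# Constructed sample data for offline use.
SAMPLE_MAPS_MEMFD = (
    "55d0a0c00000-55d0a0c40000 r-xp 00000000 00:01 1234 /memfd:payload (deleted)\n"
    "7f3b2c000000-7f3b2c1c5000 r-xp 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
)
SAMPLE_MAPS_CLEAN = "5600a0000000-5600a0020000 r-xp 00000000 08:01 42 /usr/bin/sshd\n"

if __name__ == "__main__":
    for finding in scan_live_procfs():
        print(finding)
```

Legitimate software (some JIT runtimes, container tooling) also uses memfd and /dev/shm, so treat a hit as a lead for triage rather than a verdict.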

The disclosure comes as Akamai revealed that the InfectedSlurs botnet is actively exploiting now-patched security flaws (CVE-2024-22768 through CVE-2024-22772, and CVE-2024-23842) impacting several DVR device models from Hitron Systems to launch distributed denial-of-service (DDoS) attacks.
