According to a study published by Guardicore Labs, a botnet malware called FritzFrog was deployed on ten million IP addresses. The malware has mainly targeted government agencies, educational institutions, medical centers, banks and telecommunications companies, and installed a Monero (XMR) mining application called XMRig.
Guardicore Labs explains that FritzFrog uses a brute force attack on millions of addresses to gain access to servers. In a brute force attack, the attacker submits a large number of passwords or passphrases in the hope of eventually guessing correctly.
After logging in, the malware runs a separate process called “libexec” to run XMRig.
“It successfully breached more than 500 SSH servers, including those of well-known higher education institutions in the US and Europe and a railroad company.”
The cybersecurity company said that FritzFrog appears to be a unique piece of malware and that it was a “complicated task” to find it because the connections were hidden in a peer-to-peer (P2P) network.
Ophir Harpaz, a Guardicore Labs researcher, commented:
“In contrast to other P2P botnets, FritzFrog combines a number of properties that make it unique: It has no files because it compiles and executes user data in memory. It is more aggressive in its brute force attempts but remains efficient by distributing targets evenly across the network.”
Harpaz recommends choosing strong passwords and using public key authentication, “which is much safer,” to avoid being successfully attacked by cryptojacking malware like FritzFrog.
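On an OpenSSH server, that recommendation comes down to a few `sshd_config` settings. The following Python audit is an added example, not code from Guardicore Labs or the original article; it assumes OpenSSH's documented defaults, does not follow `Include` files, and runs on constructed sample configurations.

```python
# Added example (not from the article): flag sshd_config settings that leave
# SSH open to password guessing. Include files are not followed (assumption).
DEFAULTS = {"passwordauthentication": "yes",   # OpenSSH defaults, sshd_config(5)
            "pubkeyauthentication": "yes",
            "permitrootlogin": "prohibit-password"}

def parse(text):
    """Return (global settings, [(match condition, settings)]); first value wins."""
    top, matches = {}, []
    scope = top
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # audited values never contain '#'
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":                    # later lines apply only to this block
            scope = {}
            matches.append((value, scope))
        else:
            scope.setdefault(key, value)      # sshd keeps the first value it sees
    return top, matches

def audit(text):
    """Return a list of findings; an empty list means password login is off."""
    top, matches = parse(text)
    eff = {k: top.get(k, d).lower() for k, d in DEFAULTS.items()}
    findings = []
    if eff["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is enabled globally")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is disabled")
    if eff["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes permits password login as root")
    for cond, block in matches:
        if block.get("passwordauthentication", "").lower() == "yes":
            findings.append(f"Match {cond} enables PasswordAuthentication")
    return findings

# Constructed sample configurations.
WEAK = ("PasswordAuthentication yes\nPasswordAuthentication no  # ignored\n"
        "PermitRootLogin yes\nMatch Address 10.0.0.0/8\n"
        "    PasswordAuthentication yes\n")
HARDENED = ("PasswordAuthentication no\nPubkeyAuthentication yes\n"
            "PermitRootLogin prohibit-password\n")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

On a live host, `sshd -T` prints the effective configuration, including settings pulled in from `Include` files that this parser skips.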
Recently, cybersecurity researchers from Cado Security found what they believe to be the first stealth cryptocurrency mining campaign to steal credentials from Amazon Web Services (AWS), called TeamTNT, which also deploys the XMR mining application.