FritzFrog Botnet Returns with New Variant Exploiting Log4Shell Vulnerability

The threat actor behind the peer-to-peer (P2P) botnet known as FritzFrog has resurfaced with a new variant that leverages the Log4Shell vulnerability to propagate internally within compromised networks. FritzFrog was first discovered by Guardicore (now part of Akamai) in August 2020 and is a Golang-based malware that primarily targets internet-facing servers with weak SSH credentials. This latest version represents a significant development as it uses Log4Shell as a secondary infection vector to specifically target internal hosts, rather than focusing solely on vulnerable public-facing assets. This means that even if internet-facing applications have been patched, a breach of any other endpoint can expose unpatched internal systems to exploitation, facilitating the propagation of the malware.

Background of FritzFrog

Guardicore’s initial documentation sheds light on the operations of FritzFrog, highlighting its preference for targeting internet-facing servers with weak SSH credentials. The botnet is primarily designed to compromise these servers and gain unauthorized access, ultimately enabling the threat actor to execute malicious operations.

Log4Shell as a secondary infection vector

What makes this latest variant of FritzFrog unique is its utilization of the Log4Shell vulnerability as a secondary infection vector to specifically target internal hosts. The Log4Shell vulnerability, also known as CVE-2021-44228, affects the Apache Logging Services library and has been a major concern since its discovery. By exploiting this vulnerability, FritzFrog can target vulnerable internal systems that may have been overlooked or have yet to be patched.

Enhancements in SSH Brute-Force Component

The SSH brute-force component of FritzFrog has received significant enhancements with this new variant. It leverages a facelift to identify specific SSH targets by enumerating system logs on each victim. By analyzing system logs, FritzFrog gains insights into potential vulnerabilities and weak points in SSH protocols, allowing it to optimize its brute-forcing efforts and successfully compromise SSH credentials.

Utilizing CVE-2021-4034 for local privilege escalation

In addition to leveraging Log4Shell, the latest variant of FritzFrog exploits the PwnKit flaw, tracked as CVE-2021-4034, to achieve local privilege escalation. This flaw allows the malware to gain elevated privileges on compromised systems, enabling it to perform more advanced and malicious activities.

Tactics for remaining hidden and avoiding detection

FritzFrog employs various tactics to remain hidden and evade detection by security measures. One of its notable approaches involves avoiding dropping files to disk whenever possible. To accomplish this, FritzFrog utilizes the shared memory location “/dev/shm,” a technique also employed by other Linux-based malware such as BPFDoor and Commando Cat. Additionally, FritzFrog uses memfd_create to execute memory-resident payloads, further reducing its visibility and detection rates.

Infected Slurs Botnet Exploits DVR Device Flaws

The disclosure of the new FritzFrog variant coincides with Akamai’s revelation of the active exploitation by the InfectedSlurs botnet. InfectedSlurs is leveraging now-patched security flaws affecting multiple DVR device models from Hitron Systems. This botnet employs these vulnerabilities to launch distributed denial-of-service (DDoS) attacks, further underscoring the ongoing threats posed by botnets and vulnerable devices.

Impact and Victims of FritzFrog

FritzFrog has steadily expanded its reach over the years, claiming more than 1,500 victims to date. Initially focusing on internet-facing servers, the botnet has now diversified its target sectors to include healthcare, education, and government organizations. This broader scope amplifies the potential impact and underscores the urgent need for enhanced cybersecurity measures within these critical sectors.

The resurgence of the FritzFrog botnet with its new variant, exploiting the Log4Shell vulnerability, highlights the evolving nature of cyber threats and the constant need for vigilance in maintaining robust security measures. This latest development emphasizes the importance of promptly patching known vulnerabilities and implementing strong authentication protocols, such as secure SSH credentials. Proactive cybersecurity practices remain vital in safeguarding sensitive data, preventing unauthorized access, and mitigating the risks posed by sophisticated malware strains like FritzFrog. As the threat landscape continues to evolve, organizations must stay one step ahead by investing in advanced threat detection and mitigation technologies to protect their networks and resources from increasingly sophisticated cyber threats.

Explore more

Agentic DevOps: Key to Frictionless Digital Transformation?

I’m thrilled to sit down with Dominic Jainy, a renowned IT professional whose deep expertise in artificial intelligence, machine learning, and blockchain has positioned him as a thought leader in the realm of digital transformation. With a passion for applying cutting-edge technologies across industries, Dominic has been at the forefront of exploring how innovations like Agentic DevOps can reshape enterprise

Are Engineering Teams Ready for AI Adoption Challenges?

Introduction to AI Adoption in Engineering Teams Imagine a world where software engineering teams can double their productivity overnight, driven by the power of artificial intelligence (AI) to automate complex tasks and accelerate innovation. This enticing prospect has captured the attention of industry leaders, yet beneath the excitement lies a pressing question: are engineering teams truly equipped to handle the

Trend Analysis: Digital Marketing Strategies for 2025

In a world where digital noise drowns out even the most polished campaigns, businesses face an unprecedented challenge: capturing consumer attention in an era where trust is scarcer than ever. With billions of content pieces flooding platforms daily, the average user has grown wary of traditional advertising, often scrolling past generic ads without a second glance. This shift signals a

Maximizing Your Potential as a High-Potential Employee

Imagine being singled out in a crowded workplace as someone with the rare ability to shape the future of an organization, a distinction reserved for high-potential (HiPo) employees—individuals recognized for their exceptional talent and capacity to take on leadership roles. Being designated as a HiPo is not just a badge of honor; it signals profound trust from leadership in an

Why Do Employees Ignore Workplace Emails and How to Fix It?

In today’s fast-paced professional environments, email remains a cornerstone of communication, yet a staggering number of messages go unread or ignored every day, leading to significant challenges. Imagine a critical project update buried in an inbox, overlooked because the subject line was vague or the content felt irrelevant to the recipient. This scenario plays out across countless workplaces, leading to