FritzFrog Botnet Returns with New Variant Exploiting Log4Shell Vulnerability

The threat actor behind the peer-to-peer (P2P) botnet known as FritzFrog has resurfaced with a new variant that leverages the Log4Shell vulnerability to propagate internally within compromised networks. FritzFrog was first discovered by Guardicore (now part of Akamai) in August 2020 and is a Golang-based malware that primarily targets internet-facing servers with weak SSH credentials. This latest version represents a significant development as it uses Log4Shell as a secondary infection vector to specifically target internal hosts, rather than focusing solely on vulnerable public-facing assets. This means that even if internet-facing applications have been patched, a breach of any other endpoint can expose unpatched internal systems to exploitation, facilitating the propagation of the malware.

Background of FritzFrog

Guardicore’s initial documentation sheds light on the operations of FritzFrog, highlighting its preference for targeting internet-facing servers with weak SSH credentials. The botnet is primarily designed to compromise these servers and gain unauthorized access, ultimately enabling the threat actor to execute malicious operations.

Log4Shell as a secondary infection vector

What makes this latest variant of FritzFrog unique is its utilization of the Log4Shell vulnerability as a secondary infection vector to specifically target internal hosts. The Log4Shell vulnerability, also known as CVE-2021-44228, affects the Apache Logging Services library and has been a major concern since its discovery. By exploiting this vulnerability, FritzFrog can target vulnerable internal systems that may have been overlooked or have yet to be patched.

Enhancements in SSH Brute-Force Component

The SSH brute-force component of FritzFrog has received significant enhancements with this new variant. It leverages a facelift to identify specific SSH targets by enumerating system logs on each victim. By analyzing system logs, FritzFrog gains insights into potential vulnerabilities and weak points in SSH protocols, allowing it to optimize its brute-forcing efforts and successfully compromise SSH credentials.

Utilizing CVE-2021-4034 for local privilege escalation

In addition to leveraging Log4Shell, the latest variant of FritzFrog exploits the PwnKit flaw, tracked as CVE-2021-4034, to achieve local privilege escalation. This flaw allows the malware to gain elevated privileges on compromised systems, enabling it to perform more advanced and malicious activities.

Tactics for remaining hidden and avoiding detection

FritzFrog employs various tactics to remain hidden and evade detection by security measures. One of its notable approaches involves avoiding dropping files to disk whenever possible. To accomplish this, FritzFrog utilizes the shared memory location “/dev/shm,” a technique also employed by other Linux-based malware such as BPFDoor and Commando Cat. Additionally, FritzFrog uses memfd_create to execute memory-resident payloads, further reducing its visibility and detection rates.

Infected Slurs Botnet Exploits DVR Device Flaws

The disclosure of the new FritzFrog variant coincides with Akamai’s revelation of the active exploitation by the InfectedSlurs botnet. InfectedSlurs is leveraging now-patched security flaws affecting multiple DVR device models from Hitron Systems. This botnet employs these vulnerabilities to launch distributed denial-of-service (DDoS) attacks, further underscoring the ongoing threats posed by botnets and vulnerable devices.

Impact and Victims of FritzFrog

FritzFrog has steadily expanded its reach over the years, claiming more than 1,500 victims to date. Initially focusing on internet-facing servers, the botnet has now diversified its target sectors to include healthcare, education, and government organizations. This broader scope amplifies the potential impact and underscores the urgent need for enhanced cybersecurity measures within these critical sectors.

The resurgence of the FritzFrog botnet with its new variant, exploiting the Log4Shell vulnerability, highlights the evolving nature of cyber threats and the constant need for vigilance in maintaining robust security measures. This latest development emphasizes the importance of promptly patching known vulnerabilities and implementing strong authentication protocols, such as secure SSH credentials. Proactive cybersecurity practices remain vital in safeguarding sensitive data, preventing unauthorized access, and mitigating the risks posed by sophisticated malware strains like FritzFrog. As the threat landscape continues to evolve, organizations must stay one step ahead by investing in advanced threat detection and mitigation technologies to protect their networks and resources from increasingly sophisticated cyber threats.

Explore more

Business Central Mobile Apps Transform Operations On-the-Go

In an era where business agility defines success, the ability to manage operations from any location has become a critical advantage for companies striving to stay ahead of the curve, and Microsoft Dynamics 365 Business Central mobile apps are at the forefront of this shift. These apps redefine how organizations handle essential tasks like finance, sales, and inventory management by

Transparency Key to Solving D365 Pricing Challenges

Understanding the Dynamics 365 Landscape Imagine a business world where operational efficiency hinges on a single, powerful tool, yet many enterprises struggle to harness its full potential due to unforeseen hurdles. Microsoft Dynamics 365 (D365), a leading enterprise resource planning (ERP) and customer relationship management (CRM) solution, stands as a cornerstone for medium to large organizations aiming to integrate and

Generative AI Transforms Finance with Automation and Strategy

This how-to guide aims to equip finance professionals, particularly chief financial officers (CFOs) and their teams, with actionable insights on leveraging generative AI to revolutionize their operations. By following the steps outlined, readers will learn how to automate routine tasks, enhance strategic decision-making, and position their organizations for competitive advantage in a rapidly evolving industry. The purpose of this guide

How Is Tech Revolutionizing Traditional Payroll Systems?

In an era where adaptability defines business success, the payroll landscape is experiencing a profound transformation driven by technological innovation, reshaping how companies manage compensation. For decades, businesses relied on rigid monthly or weekly pay cycles that often failed to align with the diverse needs of employees or the dynamic nature of modern enterprises. Today, however, a wave of cutting-edge

Why Is Employee Career Development a Business Imperative?

Setting the Stage for a Critical Business Priority Imagine a workplace where top talent consistently leaves for better opportunities, costing millions in turnover while productivity stagnates due to outdated skills. This scenario is not a distant possibility but a reality for many organizations that overlook employee career development. In an era of rapid technological change and fierce competition for skilled