FritzFrog Botnet Returns with New Variant Exploiting Log4Shell Vulnerability

The threat actor behind the peer-to-peer (P2P) botnet known as FritzFrog has resurfaced with a new variant that leverages the Log4Shell vulnerability to propagate internally within compromised networks. FritzFrog was first discovered by Guardicore (now part of Akamai) in August 2020 and is a Golang-based malware that primarily targets internet-facing servers with weak SSH credentials. This latest version represents a significant development as it uses Log4Shell as a secondary infection vector to specifically target internal hosts, rather than focusing solely on vulnerable public-facing assets. This means that even if internet-facing applications have been patched, a breach of any other endpoint can expose unpatched internal systems to exploitation, facilitating the propagation of the malware.

Background of FritzFrog

Guardicore’s initial documentation sheds light on the operations of FritzFrog, highlighting its preference for targeting internet-facing servers with weak SSH credentials. The botnet is primarily designed to compromise these servers and gain unauthorized access, ultimately enabling the threat actor to execute malicious operations.

Log4Shell as a secondary infection vector

What makes this latest variant of FritzFrog unique is its utilization of the Log4Shell vulnerability as a secondary infection vector to specifically target internal hosts. The Log4Shell vulnerability, also known as CVE-2021-44228, affects the Apache Logging Services library and has been a major concern since its discovery. By exploiting this vulnerability, FritzFrog can target vulnerable internal systems that may have been overlooked or have yet to be patched.

Enhancements in SSH Brute-Force Component

The SSH brute-force component of FritzFrog has received significant enhancements with this new variant. It leverages a facelift to identify specific SSH targets by enumerating system logs on each victim. By analyzing system logs, FritzFrog gains insights into potential vulnerabilities and weak points in SSH protocols, allowing it to optimize its brute-forcing efforts and successfully compromise SSH credentials.

Utilizing CVE-2021-4034 for local privilege escalation

In addition to leveraging Log4Shell, the latest variant of FritzFrog exploits the PwnKit flaw, tracked as CVE-2021-4034, to achieve local privilege escalation. This flaw allows the malware to gain elevated privileges on compromised systems, enabling it to perform more advanced and malicious activities.

Tactics for remaining hidden and avoiding detection

FritzFrog employs various tactics to remain hidden and evade detection by security measures. One of its notable approaches involves avoiding dropping files to disk whenever possible. To accomplish this, FritzFrog utilizes the shared memory location “/dev/shm,” a technique also employed by other Linux-based malware such as BPFDoor and Commando Cat. Additionally, FritzFrog uses memfd_create to execute memory-resident payloads, further reducing its visibility and detection rates.

Infected Slurs Botnet Exploits DVR Device Flaws

The disclosure of the new FritzFrog variant coincides with Akamai’s revelation of the active exploitation by the InfectedSlurs botnet. InfectedSlurs is leveraging now-patched security flaws affecting multiple DVR device models from Hitron Systems. This botnet employs these vulnerabilities to launch distributed denial-of-service (DDoS) attacks, further underscoring the ongoing threats posed by botnets and vulnerable devices.

Impact and Victims of FritzFrog

FritzFrog has steadily expanded its reach over the years, claiming more than 1,500 victims to date. Initially focusing on internet-facing servers, the botnet has now diversified its target sectors to include healthcare, education, and government organizations. This broader scope amplifies the potential impact and underscores the urgent need for enhanced cybersecurity measures within these critical sectors.

The resurgence of the FritzFrog botnet with its new variant, exploiting the Log4Shell vulnerability, highlights the evolving nature of cyber threats and the constant need for vigilance in maintaining robust security measures. This latest development emphasizes the importance of promptly patching known vulnerabilities and implementing strong authentication protocols, such as secure SSH credentials. Proactive cybersecurity practices remain vital in safeguarding sensitive data, preventing unauthorized access, and mitigating the risks posed by sophisticated malware strains like FritzFrog. As the threat landscape continues to evolve, organizations must stay one step ahead by investing in advanced threat detection and mitigation technologies to protect their networks and resources from increasingly sophisticated cyber threats.

Explore more

How Can MRP and MPS Optimize Your Supply Chain in D365?

Introduction Imagine a manufacturing operation where every order is fulfilled on time, inventory levels are perfectly balanced, and production schedules run like clockwork, all without excessive costs or last-minute scrambles. This scenario might seem like a distant dream for many businesses grappling with supply chain complexities. Yet, with the right tools in Microsoft Dynamics 365 Business Central, such efficiency is

Streamlining ERP Reporting in Dynamics 365 BC with FYIsoft

In the fast-paced realm of enterprise resource planning (ERP), financial reporting within Microsoft Dynamics 365 Business Central (BC) has reached a pivotal moment where innovation is no longer optional but essential. Finance professionals are grappling with intricate data sets spanning multiple business functions, often bogged down by outdated tools and cumbersome processes that fail to keep up with modern demands.

Top Digital Marketing Trends Shaping the Future of Brands

In an era where digital interactions dominate consumer behavior, brands face an unprecedented challenge: capturing attention in a crowded online space where billions of interactions occur daily. Imagine a scenario where a single misstep in strategy could mean losing relevance overnight, as competitors leverage cutting-edge tools to engage audiences in ways previously unimaginable. This reality underscores a critical need for

Microshifting Redefines the Traditional 9-to-5 Workday

Imagine a workday where logging in at 6 a.m. to tackle critical tasks, stepping away for a midday errand, and finishing a project after dinner feels not just possible, but encouraged. This isn’t a far-fetched dream; it’s the reality for a growing number of employees embracing a trend known as microshifting. With 65% of office workers craving more schedule flexibility

Boost Employee Engagement with Attention-Grabbing Tactics

Introduction to Employee Engagement Challenges and Solutions Imagine a workplace where half the team is disengaged, merely going through the motions, while productivity stagnates and innovative ideas remain unspoken. This scenario is all too common, with studies showing that a significant percentage of employees worldwide lack a genuine connection to their roles, directly impacting retention, creativity, and overall performance. Employee