FritzFrog Botnet Returns with New Variant Exploiting Log4Shell Vulnerability

The threat actor behind the peer-to-peer (P2P) botnet known as FritzFrog has resurfaced with a new variant that leverages the Log4Shell vulnerability to propagate internally within compromised networks. FritzFrog was first discovered by Guardicore (now part of Akamai) in August 2020 and is a Golang-based malware that primarily targets internet-facing servers with weak SSH credentials. This latest version represents a significant development as it uses Log4Shell as a secondary infection vector to specifically target internal hosts, rather than focusing solely on vulnerable public-facing assets. This means that even if internet-facing applications have been patched, a breach of any other endpoint can expose unpatched internal systems to exploitation, facilitating the propagation of the malware.

Background of FritzFrog

Guardicore’s initial documentation sheds light on the operations of FritzFrog, highlighting its preference for targeting internet-facing servers with weak SSH credentials. The botnet is primarily designed to compromise these servers and gain unauthorized access, ultimately enabling the threat actor to execute malicious operations.

Log4Shell as a secondary infection vector

What makes this latest variant of FritzFrog unique is its utilization of the Log4Shell vulnerability as a secondary infection vector to specifically target internal hosts. The Log4Shell vulnerability, also known as CVE-2021-44228, affects the Apache Logging Services library and has been a major concern since its discovery. By exploiting this vulnerability, FritzFrog can target vulnerable internal systems that may have been overlooked or have yet to be patched.

Enhancements in SSH Brute-Force Component

The SSH brute-force component of FritzFrog has received significant enhancements with this new variant. It leverages a facelift to identify specific SSH targets by enumerating system logs on each victim. By analyzing system logs, FritzFrog gains insights into potential vulnerabilities and weak points in SSH protocols, allowing it to optimize its brute-forcing efforts and successfully compromise SSH credentials.

Utilizing CVE-2021-4034 for local privilege escalation

In addition to leveraging Log4Shell, the latest variant of FritzFrog exploits the PwnKit flaw, tracked as CVE-2021-4034, to achieve local privilege escalation. This flaw allows the malware to gain elevated privileges on compromised systems, enabling it to perform more advanced and malicious activities.

Tactics for remaining hidden and avoiding detection

FritzFrog employs various tactics to remain hidden and evade detection by security measures. One of its notable approaches involves avoiding dropping files to disk whenever possible. To accomplish this, FritzFrog utilizes the shared memory location “/dev/shm,” a technique also employed by other Linux-based malware such as BPFDoor and Commando Cat. Additionally, FritzFrog uses memfd_create to execute memory-resident payloads, further reducing its visibility and detection rates.

Infected Slurs Botnet Exploits DVR Device Flaws

The disclosure of the new FritzFrog variant coincides with Akamai’s revelation of the active exploitation by the InfectedSlurs botnet. InfectedSlurs is leveraging now-patched security flaws affecting multiple DVR device models from Hitron Systems. This botnet employs these vulnerabilities to launch distributed denial-of-service (DDoS) attacks, further underscoring the ongoing threats posed by botnets and vulnerable devices.

Impact and Victims of FritzFrog

FritzFrog has steadily expanded its reach over the years, claiming more than 1,500 victims to date. Initially focusing on internet-facing servers, the botnet has now diversified its target sectors to include healthcare, education, and government organizations. This broader scope amplifies the potential impact and underscores the urgent need for enhanced cybersecurity measures within these critical sectors.

The resurgence of the FritzFrog botnet with its new variant, exploiting the Log4Shell vulnerability, highlights the evolving nature of cyber threats and the constant need for vigilance in maintaining robust security measures. This latest development emphasizes the importance of promptly patching known vulnerabilities and implementing strong authentication protocols, such as secure SSH credentials. Proactive cybersecurity practices remain vital in safeguarding sensitive data, preventing unauthorized access, and mitigating the risks posed by sophisticated malware strains like FritzFrog. As the threat landscape continues to evolve, organizations must stay one step ahead by investing in advanced threat detection and mitigation technologies to protect their networks and resources from increasingly sophisticated cyber threats.

Explore more

AI Revolutionizes Corporate Finance: Enhancing CFO Strategies

Imagine a finance department where decisions are made with unprecedented speed and accuracy, and predictions of market trends are made almost effortlessly. In today’s rapidly changing business landscape, CFOs are facing immense pressure to keep up. These leaders wonder: Can Artificial Intelligence be the game-changer they’ve been waiting for in corporate finance? The unexpected truth is that AI integration is

AI Revolutionizes Risk Management in Financial Trading

In an era characterized by rapid change and volatility, artificial intelligence (AI) emerges as a pivotal tool for redefining risk management practices in financial markets. Financial institutions increasingly turn to AI for its advanced analytical capabilities, offering more precise and effective risk mitigation. This analysis delves into key trends, evaluates current market patterns, and projects the transformative journey AI is

Is AI Transforming or Enhancing Financial Sector Jobs?

Artificial intelligence stands at the forefront of technological innovation, shaping industries far and wide, and the financial sector is no exception to this transformative wave. As AI integrates into finance, it isn’t merely automating tasks or replacing jobs but is reshaping the very structure and nature of work. From asset allocation to compliance, AI’s influence stretches across the industry’s diverse

RPA’s Resilience: Evolving in Automation’s Complex Ecosystem

Ever heard the assertion that certain technologies are on the brink of extinction, only for them to persist against all odds? In the rapidly shifting tech landscape, Robotic Process Automation (RPA) has continually faced similar scrutiny, predicted to be overtaken by shinier, more advanced systems. Yet, here we are, with RPA not just surviving but thriving, cementing its role within

How Is RPA Transforming Business Automation?

In today’s fast-paced business environment, automation has become a pivotal strategy for companies striving for efficiency and innovation. Robotic Process Automation (RPA) has emerged as a key player in this automation revolution, transforming the way businesses operate. RPA’s capability to mimic human actions while interacting with digital systems has positioned it at the forefront of technological advancement. By enabling companies