[MART] - Daily Diary #450 - FritzFrog Botnet Spikes

CTAS-MAT ctas-mat at appgate.com
Thu Feb 10 21:34:48 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

02/10/2022 - Diary entry #450:

FritzFrog is a decentralized botnet malware written in Golang. After its discovery in August 2020, the number of incidents involving FritzFrog continuously decreased.

FritzFrog mainly targets exposed SSH servers by brute-forcing them. It then drops another malicious payload that is used to scan other IP addresses and/or to deliver other threats such as crypto miners. Its P2P (Peer-to-Peer) architecture allows FritzFrog to quickly recover from takedowns. Each infected host acts as a Command & Control server capable of sending, receiving, and executing commands.

Starting in December 2021, a new FritzFrog campaign was observed, resulting in a high infection rate: within a month, 1,500 distinct hosts had been infected. This new campaign added new functionality to the botnet, such as the use of a Tor proxy chain to hide the addresses of infected hosts and the ability to track WordPress servers. This last functionality alone is not yet capable of compromising WordPress servers, which may suggest that it is still in development. Therefore, we can expect more FritzFrog campaigns to emerge, targeting WordPress and even other CMS distributions.

Kind Regards,

Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com
C: +55 11 97467 9549
