According to Guardicore Labs, FritzFrog breaks into servers through brute-force attacks.
Researchers at Guardicore Labs found that malware called FritzFrog has been launched against up to tens of millions of IP addresses. The criminals target universities, government offices, hospitals, banks and telecom companies. To make it work, they first add a Monero (XMR) mining app.
Guardicore Labs said that for FritzFrog to penetrate a server, it has to be launched as a brute-force attack on many addresses. It is like guessing different password combinations on an account in the hope of being lucky with at least one.
If one attempt eventually gets in, a new process called “libexec” is run to install XMRig.
The report says:
“It has successfully breached over 500 SSH servers, including those of known high-education institutions in the U.S. and Europe, and a railway company.”
Guardicore Labs acknowledged that FritzFrog is unlike most other malware. The firm said it is difficult to identify because it uses complicated connections hidden in a P2P network.
Ophir Harpaz, who works at the cybersecurity firm, said:
“Unlike other P2P botnets, FritzFrog combines a set of properties that makes it unique: it is fileless, as it assembles and executes payloads in-memory. It is more aggressive in its brute-force attempts, yet stays efficient by distributing targets evenly within the network.”
She went on to advise everyone to always choose passwords that are difficult to guess. She also advocates the use of public-key authentication for its safety and resilience against cryptojacking malware.
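The public-key advice above only protects a server if password logins are actually switched off in its SSH configuration. The following Python code is an added example, not part of the Guardicore Labs report: it audits sshd_config text for settings that still let a password guess succeed. The default values and the SAMPLE config are assumptions constructed for illustration, and Include files are not followed.

```python
import re
# Upstream OpenSSH defaults (assumed; distributions may ship different values).
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Older configs use the deprecated keyword for keyboard-interactive auth.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Constructed sample config, not taken from any real host.
SAMPLE = """\
PasswordAuthentication no
ChallengeResponseAuthentication yes
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

def parse(config_text):
    """Return (global_settings, match_blocks); sshd keeps the first value per keyword."""
    global_cfg, matches, current = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip('"') if len(parts) > 1 else ""
        if key == "match":
            current = {"_criteria": value}  # later lines belong to this block
            matches.append(current)
        else:
            (global_cfg if current is None else current).setdefault(key, value)
    return global_cfg, matches

def audit(config_text):
    """List the ways a password guess could still succeed against this config."""
    global_cfg, matches = parse(config_text)
    cfg = {**DEFAULTS, **global_cfg}
    findings = []
    if cfg["passwordauthentication"].lower() == "yes":
        findings.append("global: PasswordAuthentication is enabled")
    if cfg["kbdinteractiveauthentication"].lower() == "yes":
        findings.append("global: keyboard-interactive is enabled (PAM may accept passwords)")
    if cfg["pubkeyauthentication"].lower() != "yes":
        findings.append("global: PubkeyAuthentication is disabled")
    for block in matches:
        for key in ("passwordauthentication", "kbdinteractiveauthentication"):
            if block.get(key, "").lower() == "yes":
                findings.append(f"Match {block['_criteria']}: {key} re-enabled")
    return findings
```

On a live host, the output of sshd -T shows the effective configuration and is the authoritative check; this parser is for reviewing config files offline.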
Not long ago, researchers at Cado Security discovered another cryptojacking malware called TeamTNT. It was designed specifically to tamper with Amazon Web Services (AWS) data, and it also uses the Monero mining app.