Monero Cryptojacking Malware Targets Higher Education
Guardicore Labs explains that FritzFrog uses a brute-force attack on millions of addresses to gain access to servers.
According to a study published by Guardicore Labs, a malware botnet known as FritzFrog has been deployed to tens of millions of IP addresses. The malware has largely targeted governmental offices, educational institutions, medical centers, banks, and telecommunication companies, installing a Monero (XMR) mining app known as XMRig.
Guardicore Labs explains that FritzFrog uses a brute-force attack on millions of addresses to gain access to servers. In a brute-force attack, an attacker submits many passwords or passphrases in the hope of eventually guessing correctly.
After it gets in, it proceeds to run a separate process named “libexec” to execute XMRig.
“It has successfully breached over 500 SSH servers, including those of known high-education institutions in the U.S. and Europe, and a railway company.”
The cybersecurity firm said that FritzFrog appears to be a one-of-its-kind malware, and that it was a “complicated task” to track it as the connections were hidden within a peer-to-peer (P2P) network.
Ophir Harpaz, a researcher at Guardicore Labs, commented:
“Unlike other P2P botnets, FritzFrog combines a set of properties that makes it unique: it is fileless, as it assembles and executes payloads in-memory. It is more aggressive in its brute-force attempts, yet stays efficient by distributing targets evenly within the network.”
Harpaz recommends choosing strong passwords and using public-key authentication, “which is much safer,” to avoid being attacked successfully by a cryptojacking malware like FritzFrog.
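A defender's check for the brute-force pattern described above, as an added example that is not from the article or from Guardicore's report: it counts failed SSH password attempts per source address in sshd log text and flags any password login accepted from an address that had already reached the failure threshold. The log lines, addresses, usernames and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH's syslog message format (not real incident data).
SAMPLE_LOG = """\
Aug 20 03:11:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug 20 03:11:03 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Aug 20 03:11:05 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40124 ssh2
Aug 20 03:11:08 web1 sshd[2107]: Accepted password for root from 203.0.113.7 port 40130 ssh2
Aug 20 08:02:10 web1 sshd[2290]: Failed password for alice from 198.51.100.20 port 51800 ssh2
Aug 20 08:02:19 web1 sshd[2292]: Accepted password for alice from 198.51.100.20 port 51802 ssh2
Aug 20 09:15:44 web1 sshd[2311]: Accepted publickey for deploy from 192.0.2.15 port 51234 ssh2
Aug 20 11:40:01 web1 sshd[2400]: Failed password for root from 203.0.113.99 port 33001 ssh2
Aug 20 11:40:02 web1 sshd[2402]: Failed password for invalid user test from 203.0.113.99 port 33005 ssh2
Aug 20 11:40:04 web1 sshd[2404]: Failed password for invalid user oracle from 203.0.113.99 port 33009 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")

def analyze(log_text, threshold=3):
    """Return (noisy_sources, suspect_logins).

    noisy_sources:  {ip: failures} for sources at or above the threshold.
    suspect_logins: [(ip, user)] password logins accepted from a source that
                    had already reached the threshold (a likely successful guess).
    """
    failures = defaultdict(int)
    suspects = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, ip = m.groups()
            # Key-based logins are not the result of password guessing.
            if method == "password" and failures.get(ip, 0) >= threshold:
                suspects.append((ip, user))
    noisy = {ip: n for ip, n in failures.items() if n >= threshold}
    return noisy, suspects

if __name__ == "__main__":
    noisy, suspects = analyze(SAMPLE_LOG)
    print("sources over threshold:", noisy)
    print("password logins after a failure burst:", suspects)
```

With password authentication disabled in favour of public-key authentication, as Harpaz recommends, the second list should stay empty.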
Recently, cybersecurity researchers at Cado Security detected what they believe to be the first-ever stealth crypto mining campaign to steal Amazon Web Services (AWS) credentials, named TeamTNT, which also deploys the XMR mining app.