Researchers with Check Point have reported a FreakOut botnet that targets vulnerabilities in Linux systems. The IRC botnet can be used for DDoS attacks as well as crypto-mining. The attacks target devices that run one of the following:

  • TerraMaster TOS (TerraMaster Operating System) – the operating system used for managing TerraMaster NAS (Network Attached Storage) servers
  • Zend Framework – a collection of packages used in building web applications and services using PHP, with more than 570 million installations
  • Liferay Portal – a free, open-source enterprise portal. It is a web application platform written in Java that offers features relevant for the development of portals and websites

Source: https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/

Experts Comments

January 22, 2021
Chloé Messdaghi
VP of Strategy
Point3 Security


This FreakOut malware is just at the beginning of its infancy, but it’s a great reminder that even if you think you’re not a target, you absolutely are, and we all need to do whatever we can to stay safe and keep our risks as low as possible. You must always assume that the vulnerability is out there.

This malware attacks Linux devices that haven’t been updated. Once it gains access to a network, it does port scanning, sending TCP packets, network sniffing, etc. But, if you’ve been updating things in a timely manner, you should be safe right now.

What’s interesting is that the top industries that malware affects – banking, healthcare, and government – are the exact ones that are struggling the most with this. You have to be on top of updates at all times, and these industries are known for not updating when they should. Especially since COVID, these industries are most definitely always a huge target.

January 20, 2021
Craig Young
Principal Security Researcher
Tripwire


The commoditization of malware has absolutely lowered the bar for those looking to snoop or steal but it does not considerably affect defense strategies for general cybercrime. Keeping software up to date, not installing apps from untrusted sources, and leaving Google Play Protect enabled will catch most if not all commercial malware.
From my perspective, the real risk from this type of malware is from attackers with physical access to a device who can potentially disable security features to install a backdoor. Domestic abusers can use these tools to cause excessive damage, and it can be incredibly difficult for their victims to recognize and respond to a compromised device. Some helpful resources regarding stalkerware are available here: https://darknetdiaries.com/stalkerware/

January 20, 2021
Saryu Nayyar
CEO
Gurucul


Historically, Linux systems have been reasonably secure and received patches quickly when a vulnerability comes to light. Unfortunately, Linux and Windows share the same problem in that applications that run on those platforms may not be patched as quickly as the underlying OS. The recent FreakOut botnet attack targets multiple recent application vulnerabilities that may not yet be patched on production systems. Fortunately, the botnet is still quite small and relies on Internet Relay Chat (IRC) for command and control. That means that identifying an infection should be relatively straightforward using network monitoring or security analytics tools provided they are in place.

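The comment above notes that an IRC-based botnet should be easy to spot with network monitoring, and the Check Point summary at the top of the page adds that infected hosts go on to port-scan. The following is an added example, not code from this page or from Check Point's report, showing how those two observations can be combined over flow records; the record layout, hosts and thresholds are all constructed for the illustration.

```python
# Added example (not from the original post or Check Point's research).
# Flags sources whose outbound traffic shows an IRC client handshake
# (NICK/USER/JOIN on any port, since C2 need not sit on 6667) and/or
# scan-like fan-out to many distinct destinations on one port.
from collections import defaultdict

IRC_COMMANDS = ("NICK ", "USER ", "JOIN ", "PRIVMSG ")

# Constructed flow records: (timestamp, src, dst, dport, first payload bytes).
SAMPLE_FLOWS = (
    [
        (100, "10.0.0.5", "198.51.100.7", 6667, "NICK x9f2k"),
        (101, "10.0.0.5", "198.51.100.7", 6667, "USER x9f2k 8 * :x9f2k"),
        (102, "10.0.0.5", "198.51.100.7", 6667, "JOIN #c"),
        (200, "10.0.0.9", "203.0.113.4", 443, "\x16\x03\x01"),  # ordinary TLS
    ]
    + [(150 + i, "10.0.0.5", f"10.0.1.{i}", 22, "") for i in range(1, 16)]   # scan
    + [(300 + i, "10.0.0.20", f"10.0.1.{i}", 22, "") for i in range(1, 16)]  # monitoring host
)

def irc_handshake_sources(flows):
    """Sources whose first payload bytes look like an IRC client command, on any port."""
    return {src for _, src, _, _, payload in flows if payload.startswith(IRC_COMMANDS)}

def fanout_sources(flows, threshold=10, window=60):
    """Sources reaching >= threshold distinct destinations on one port within `window` seconds."""
    by_key = defaultdict(list)
    for ts, src, dst, dport, _ in flows:
        by_key[(src, dport)].append((ts, dst))
    hits = set()
    for (src, _), events in by_key.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            targets = {d for t, d in events[i:] if t - start <= window}
            if len(targets) >= threshold:
                hits.add(src)
                break
    return hits

def triage(flows, threshold=10, window=60):
    """Map each suspicious source to the signals seen; both together is the strongest indicator."""
    signals = defaultdict(list)
    for src in irc_handshake_sources(flows):
        signals[src].append("irc-handshake")
    for src in fanout_sources(flows, threshold, window):
        signals[src].append("port-fanout")
    return dict(signals)

if __name__ == "__main__":
    for host, seen in sorted(triage(SAMPLE_FLOWS).items()):
        print(host, seen)
```

A host with fan-out alone (here the constructed monitoring server 10.0.0.20) still surfaces for review, while only the host that also speaks IRC carries both signals.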