Researchers at Check Point have reported on FreakOut, a botnet that targets vulnerabilities in Linux systems. The IRC-controlled botnet can be used for DDoS attacks as well as crypto-mining. The attacks target devices that run one of the following:

  • TerraMaster TOS (TerraMaster Operating System) – the operating system used for managing TerraMaster NAS (Network Attached Storage) servers
  • Zend Framework – a collection of packages used in building web applications and services using PHP, with more than 570 million installations
  • Liferay Portal – a free, open-source enterprise portal. It is a web application platform written in Java that offers features relevant for the development of portals and websites

     Source: https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/

Chloé Messdaghi, VP of Strategy
InfoSec Expert
January 22, 2021 9:22 am

This FreakOut malware is just at the beginning of its infancy, but it’s a great reminder that even if you think you’re not a target, you absolutely are, and we all need to do whatever we can to stay safe and keep our risks as low as possible. You must always assume that the vulnerability is out there.

This malware attacks Linux devices that haven’t been updated. Once it gains access to a network, it does port scanning, sending TCP packets, network sniffing, etc. But, if you’ve been updating things in a timely manner, you should be safe right now.

What’s interesting is that the top industries that malware affects – banking, healthcare, and government – are the exact ones that are struggling the most with this. You have to be on top of updates at all times, and these industries are known for not updating when they should. Especially since COVID, these industries are most definitely always a huge target.

Craig Young, Principal Security Researcher
InfoSec Expert
January 20, 2021 11:10 am

The commoditization of malware has absolutely lowered the bar for those looking to snoop or steal, but it does not considerably affect defense strategies for general cybercrime. Keeping software up to date, not installing apps from untrusted sources, and leaving Google Play Protect enabled will catch most if not all commercial malware.

From my perspective, the real risk from this type of malware is from attackers with physical access to a device who can potentially disable security features to install a backdoor. Domestic abusers can use these tools to cause excessive damage, and it can be incredibly difficult for their victims to recognize and respond to a compromised device. Some helpful resources regarding stalkerware are available here: https://darknetdiaries.com/stalkerware/

Saryu Nayyar, CEO
InfoSec Expert
January 20, 2021 11:05 am

Historically, Linux systems have been reasonably secure and received patches quickly when a vulnerability comes to light. Unfortunately, Linux and Windows share the same problem in that applications that run on those platforms may not be patched as quickly as the underlying OS. The recent FreakOut botnet attack targets multiple recent application vulnerabilities that may not yet be patched on production systems. Fortunately, the botnet is still quite small and relies on Internet Relay Chat (IRC) for command and control. That means that identifying an infection should be relatively straightforward using network monitoring or security analytics tools provided they are in place.

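The comment above notes that IRC-based command and control is comparatively easy to spot with network monitoring. The following is an added illustration of that point, not code from the article or from Check Point: it scans constructed flow records (a destination port plus the first client bytes, as a sensor with payload sampling would record them) for the IRC client registration sequence, so that a channel moved to a non-standard port is still flagged. The host addresses, ports and payloads are all constructed sample data.

```python
import re
from collections import defaultdict

# Constructed flow records (not real captures): client IP, server IP,
# destination port, and the first bytes the client sent.
SAMPLE_FLOWS = [
    {"src": "10.0.0.21", "dst": "203.0.113.5", "dport": 6667,
     "payload": "NICK bot_8a2f\r\nUSER bot 0 * :bot\r\nJOIN #control\r\n"},
    {"src": "10.0.0.22", "dst": "198.51.100.9", "dport": 8080,
     "payload": "PASS s3cret\r\nNICK n0de22\r\nJOIN #ops\r\n"},
    {"src": "10.0.0.23", "dst": "192.0.2.44", "dport": 443,
     "payload": "\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"},
    {"src": "10.0.0.24", "dst": "192.0.2.80", "dport": 80,
     "payload": "GET /index.php HTTP/1.1\r\nHost: example.invalid\r\n"},
]

# Conventional IRC server ports; a weak signal on its own.
IRC_PORTS = {6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 6697, 7000}

# IRC client registration: PASS/NICK/USER then JOIN, one CRLF-terminated
# command per line. Matching the protocol rather than the port catches
# controllers that listen on HTTP-looking ports.
IRC_CMD = re.compile(r"^(PASS|NICK|USER|JOIN|PRIVMSG|PONG) [^\r\n]*\r\n", re.MULTILINE)


def classify_flow(flow):
    """Return the list of IRC indicators this flow matches (empty if none)."""
    reasons = []
    if flow["dport"] in IRC_PORTS:
        reasons.append("irc_port")
    cmds = {m.group(1) for m in IRC_CMD.finditer(flow["payload"])}
    # Require two distinct commands including NICK or USER: a single stray
    # token in an unrelated protocol should not trigger an alert.
    if len(cmds) >= 2 and ("NICK" in cmds or "USER" in cmds):
        reasons.append("irc_handshake:" + ",".join(sorted(cmds)))
    return reasons


def suspicious_hosts(flows):
    """Map each internal source IP to the IRC indicators seen in its flows."""
    hits = defaultdict(list)
    for flow in flows:
        for reason in classify_flow(flow):
            hits[flow["src"]].append(reason)
    return dict(hits)


if __name__ == "__main__":
    for host, reasons in suspicious_hosts(SAMPLE_FLOWS).items():
        print(host, reasons)
```

Hosts flagged this way are leads for triage (which application the host runs, whether it is patched), not proof of compromise; legitimate IRC clients in the environment should be allow-listed by source host.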