The FritzFrog botnet, written in Golang, uses a secure, encrypted peer-to-peer communication protocol to distribute malware and take control of device nodes. Encrypted communication makes the botnet difficult to detect and enables it to propagate across multiple infected SSH servers.


  • FritzFrog, a sophisticated, modular, multi-threaded and fileless Golang-based peer-to-peer botnet, has been actively targeting SSH servers of governmental offices, educational institutions, medical centers, banks and telecom companies since January 2020.

  • FritzFrog has successfully breached 500 servers, infecting well-known universities in the U.S. and Europe, and a railway company.

  • The FritzFrog botnet has worm functionality and spreads over SSH to mine Monero cryptocurrency.

  • The botnet has a decentralized P2P infrastructure that distributes control evenly among all its nodes, so there is no single point of failure and no command-and-control (C2) server. P2P communication is done over an encrypted channel, using AES for symmetric encryption and the Diffie-Hellman protocol for key exchange.

  • Routers and IoT devices with SSH exposed to the internet are vulnerable to FritzFrog.