FritzFrog
9/01/2020

The FritzFrog botnet, written in Golang, uses a secure, encrypted peer-to-peer communication protocol to distribute malware and take control of device nodes. Encrypted communication makes the botnet difficult to detect and enables it to propagate across multiple infected SSH servers.

OVERVIEW

  • FritzFrog, a sophisticated, modular, multi-threaded and file-less Golang-based peer-to-peer botnet, has been actively targeting SSH servers of governmental offices, educational institutions, medical centers, banks and telecom companies since January 2020.

  • FritzFrog successfully breached 500 servers, infecting well-known universities in the U.S. and Europe and a railway company.

  • The FritzFrog botnet has worm functionality and spreads over SSH to mine Monero cryptocurrency.

  • The botnet has a decentralized P2P infrastructure that evenly distributes control among all its nodes, so there is no single point of failure and no command-and-control (C2) server. P2P communication is done over an encrypted channel, using AES for symmetric encryption and the Diffie-Hellman protocol for key exchange.

  • Routers and IoT devices with SSH exposed to the internet are vulnerable to FritzFrog.
