The FritzFrog botnet, which has been active for more than two years, has reemerged with a concerning infection rate, having grown tenfold in just a month after compromising medical, education, and government systems via a vulnerable SSH server.
The malware was noticed in August 2020 and is written in the Golang programming language.
As explained by BleepingComputer, the FritzFrog botnet is regarded as an advanced cyber threat that relies on custom code, runs in memory, and is decentralized: it uses a peer-to-peer (P2P) design, so it does not require a central management server.
According to cybersecurity experts at Akamai Threat Labs, the botnet has resurfaced with a rapid growth surge since December, despite having disappeared quietly following its previous attack wave.
They said the new FritzFrog malware variant includes some intriguing new features, such as the ability to use the Tor proxy chain, and also indicates that its developers are planning to add capabilities to attack WordPress servers.
The actors have implemented a filtering list to skip low-powered devices such as Raspberry Pi boards, while the malware now contains code that lays the groundwork for targeting WordPress sites.
Given the botnet’s reputation for cryptocurrency mining, this feature is an odd addition. However,