The FritzFrog botnet has reappeared with a new P2P campaign, showing growth of 10x within only a month.
FritzFrog is a peer-to-peer botnet discovered in January 2020. Over a period of eight months, the botnet managed to strike at least 500 government and enterprise SSH servers.
The P2P botnet, written in the Golang programming language, is decentralized in nature and will attempt to brute-force servers, cloud instances, and other devices — including routers — that have exposed entry points on the internet.
On Thursday, cybersecurity researchers from Akamai Threat Labs said that, after going quiet following its previous attack wave, the botnet has reappeared since December with an exponential surge in growth.
“FritzFrog propagates over SSH,” the researchers say. “Once it finds a server’s credentials using a simple (yet aggressive) brute force technique, it establishes an SSH session with the new victim and drops the malware executable on the host. The malware then starts listening and waiting for commands.”
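The propagation pattern quoted above (repeated failed SSH password attempts followed by a successful session from the same source) leaves a recognizable trace in sshd logs. The following is an added detection example, not code from the article or from Akamai's research; it assumes OpenSSH's standard syslog message format, and the log lines, the function name `find_bruteforce_logins` and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (not from the article).
SAMPLE_LOG = """\
Feb 10 03:11:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Feb 10 03:11:02 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Feb 10 03:11:03 web1 sshd[2102]: Failed password for root from 203.0.113.7 port 40114 ssh2
Feb 10 03:11:04 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40115 ssh2
Feb 10 03:11:05 web1 sshd[2104]: Accepted password for root from 203.0.113.7 port 40116 ssh2
Feb 10 03:15:40 web1 sshd[2150]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Feb 10 03:15:52 web1 sshd[2151]: Accepted password for alice from 198.51.100.20 port 51001 ssh2
Feb 10 03:20:00 web1 sshd[2200]: Failed password for root from 192.0.2.55 port 60001 ssh2
Feb 10 03:20:01 web1 sshd[2200]: Failed password for root from 192.0.2.55 port 60002 ssh2
Feb 10 03:20:02 web1 sshd[2200]: Failed password for root from 192.0.2.55 port 60003 ssh2
Feb 10 03:20:10 web1 sshd[2210]: Accepted publickey for deploy from 198.51.100.20 port 51010 ssh2
"""

# Matches both "Failed password for root" and "Failed password for invalid user admin".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_bruteforce_logins(log_text, threshold=3):
    """Return (ip, user, failures) for each password login that succeeds
    after at least `threshold` failed attempts from the same source IP."""
    failures = defaultdict(int)   # running count of failures per source IP
    hits = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif m["method"] == "password":
            # Key-based logins are ignored: guessing only yields password logins.
            if failures[ip] >= threshold:
                hits.append((ip, m["user"], failures[ip]))
            failures[ip] = 0      # a legitimate login resets the counter
    return hits

if __name__ == "__main__":
    for ip, user, count in find_bruteforce_logins(SAMPLE_LOG):
        print(f"possible compromise: {user} from {ip} after {count} failures")
```

A source that fails repeatedly without ever succeeding (192.0.2.55 in the sample) is not reported here; the function only surfaces the case where guessing appears to have worked, which is the one that warrants checking the host for a dropped executable.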
In total, 24,000 attacks have been detected to date, and 1,500 hosts have been infected, the majority of which are located in China. The botnet is used to mine for cryptocurrency.
Healthcare, education, and government sectors are all