Copy link
Increase text size
Decrease text size
Link copied

Cryptojacking malware that installs XMR cryptocurrency mining app discored

FritzFrog is a cryptojacking malware that installs XMRig, a cryptocurrency mining app that mines Monero (XRM).

Wikimedia Commons

Fri, 21 Aug 2020, 07:11 am UTC

A cryptojacking malware that has affected millions of IP addresses has been discovered by Guardicore Labs. Known as FritzFrog, the malware targeted government facilities, hospitals, universities, and financial institutions.

“Guardicore has discovered FritzFrog, a sophisticated peer-to-peer (P2P) botnet which has been actively breaching SSH servers since January 2020,” Guardicore said in a post.

The malware seems bent on targeting government, education, healthcare, telecom, and finance-related networks. Once infected, the malware then installs its targets with XMRig, a cryptocurrency mining app that mines Monero (XMR), according to Cointelegraph.

“FritzFrog has attempted to brute force and propagate to tens of millions of IP addresses of governmental offices, educational institutions, medical centers, banks, and numerous telecom companies,” Guardicore noted. A brute force attack is where an attacker submits numerous passwords or passphrases until eventually guessing the correct one.

According to the Tel-Aviv-based data center and cloud security firm, the cryptojacking malware has already infected hundreds of servers from both sides of the Atlantic. “Among those, it has successfully breached more than 500 servers, infecting well-known universities in the U.S. and Europe, and a railway company,” Guardicore said.

Guardicore said that the malware is very stealthy and difficult to detect. “Unlike other P2P botnets, FritzFrog combines a set of properties that makes it unique: it is fileless, as it assembles and executes payloads in-memory,” the firm noted, adding that it “is completely volatile and leaves no traces on the disk. It creates a backdoor in the form of an SSH public key, enabling the attackers ongoing access to victim machines.”

What is known is that it is written in Golang. At the moment, there are already 20 different versions of the cryptojacking malware.

The security firm said that the malware is likely one of its kind and written by experts. “FritzFrog is completely proprietary; its P2P implementation was written from scratch, teaching us that the attackers are highly professional software developers,” Guardicore added.

The security firm offered a few recommendations to help guard against the malware. “We recommend choosing strong passwords and using public-key authentication, which is much safer,” Guardicore said. “In addition, it is crucial to remove FritzFrog’s public key from the authorized_keys file, preventing the attackers from accessing the machine.”

TokenPost | [email protected]

<Copyright © TokenPost. All Rights Reserved. >

To leave a comment, please sign in.
  • Moses
  • 2020.09.04 23:04:52
I am a cryptocurrency trader and i make over 200% daily, If you are interested,i can teach you how to trade and also help you achieve your goal in life with crypto i can turn
$4500 into $35000 in less then four weeks,now that bitcoin has low prices...please note that cryptocurrency trading is bitcoin unlike binary and Forex,bitcoin is traded for altcoins also you can reach to me if you are new to bitcoin and to give you more info and guideline on how to invest smartly, this is opportunity life time knocking on your door inbox me for more info....contact me on whatsapp :+12067425358 inbox me for serious and long term business ....................................
  • 0
  • ·
  • 0
More
  • Bitcoin (BTC) $10,788.80 (+0.02%)
  • Ethereum (ETH) $363.39 (+1.61%)
  • XRP (XRP) $0.224600 (+0.84%)
  • Bitcoin Cash (BCH) $228.78 (+0.07%)
  • Binance Coin (BNB) $28.00 (-3.24%)
  • Bitcoin (BTC) $10,788.80 (+0.02%)
Feb 21, 2020 (Friday)
12:01
Paxos launches blockchain-based securities settlement solution with Credit Suisse and Instinet
12:00
Brazil to launch new payment system in response to cryptocurrencies
11:59
Digital currency exchange Coinbase Pro lists Kyber Network token
11:57
Norwegian Air to soon start accepting crypto payments
10:21
Swedish central bank begins CBDC pilot with Accenture
09:51
Italian soccer team Juventus launches ethereum-based digital collectibles with Sorare
Feb 20, 2020 (Thursday)
14:16
Telecom companies complete cross-carrier mobile payments using blockchain
11:53
National Stock Exchange of Australia to develop DLT-based digital securities trading platform
11:00
South Korean ICO project discontinued, to return $7.5M to token holders
10:36
Samsung maintains crypto support in soon-to-launch Galaxy S20
09:41
BIS appoints Innovation Hub heads to lead Singapore and Switzerland
09:15
Coinbase becomes first crypto company to receive Visa principal membership
08:59
Dubai Economy and six banks launch KYC Blockchain Consortium
08:26
Crypto Technicals: ETH/USD under downside pressure after 'Bearish Engulfing' pattern
07:12
Tim Draper buys $1M worth of Aragon Tokens to create digital courts for DAOs
06:13
Renewable energy firm Acciona commits to take CBI’s blockchain-based carbon credits trading platform global
05:02
Crypto Technicals: BTC/USD trades below 21-EMA, break below 4H 200 MA (9386) to trigger further downside
04:56
Crypto exchange Coinfloor to launch a simplified bitcoin buying service
04:35
Indonesia’s customs department joins IBM- Maersk blockchain shipping platform “TradeLens”
Feb 19, 2020 (Wednesday)
12:46
Crypto custodian BitGo acquires digital securities startup Harbor
Subscribe to the TokenPost newsletter!
Don't show me this again today.
Back to top
Copyright ⓒ TokenPost. All Rights Reserved.
PUBLISHsoft