‘Highly Professional’ Cryptojacking Malware Targets Banking, Education Sectors

Thursday, 20/08/2020 | 06:43 GMT by Rachel McIntosh
  • Researchers at Guardicore say that the malware was created by “highly professional software developers.”
‘Highly Professional’ Cryptojacking Malware Targets Banking, Education Sectors
FM

Cybersecurity firm Guardicore Labs has recently published findings on FritzFrog, a Cryptojacking malware botnet that has been deployed to tens of millions of IP addresses. According to the findings, FritzFrog has mostly targeted medical centers, banks, telecommunication companies, government offices and educational institutions.

So far, the success of the botnet’s attacks has been prolific: Guardicore’s report found that so far, FritzFrog has compromised “over 500 SSH servers, including those of known high-education institutions in the U.S. and Europe, and a railway company.”

The botnet uses a type of brute-force attack on millions of different servers in order to break in. Once it gains access, FritzFrog runs a separate process named 'libexec' to execute XMRig, the malware that co-opts computing power to mine Monero.

'Highly Professional' Malware

While cryptojacking malware is certainly nothing new, Guardicore says that FritzFrog appears to be unique. For one thing, the botnet’s connections were hidden within a peer-to-peer (P2P) network, which made it difficult to track.

“Unlike other P2P botnets, FritzFrog combines a set of properties that makes it unique: it is fileless, as it assembles and executes payloads in-memory,” the report said. “It is more aggressive in its brute-force attempts, yet stays efficient by distributing targets evenly within the network.”

Additionally, Guardicore found that FritzFrog’s 'p2p implementation was written from scratch', which seems to indicate that the malware was created by 'highly professional software developers'.

FritzFrog’s protocol is written in a language called Golang, which 'is completely volatile and leaves no traces on the disk'. It also creates a SSH public key that acts as a 'backdoor', which enables ongoing access to compromised machines.

Cryptojacking Malware Has Targeted Large Institutions Before

Earlier this year, Finance Magnates reported that another form of cryptojacking malware was targeting 'supercomputers' that belong to institutions similar to the ones that FritzFrog seems to be targeting.

At that time, the crypto malware caused a number of of these 'supercomputers' to go offline. The timing of the shutdowns is particularly bad because of the fact that many of the organizations running the computers were prioritizing research on COVID-19. This research may have been hampered as a result of the malware and the subsequent shutdowns.

Cybersecurity firm Guardicore Labs has recently published findings on FritzFrog, a Cryptojacking malware botnet that has been deployed to tens of millions of IP addresses. According to the findings, FritzFrog has mostly targeted medical centers, banks, telecommunication companies, government offices and educational institutions.

So far, the success of the botnet’s attacks has been prolific: Guardicore’s report found that so far, FritzFrog has compromised “over 500 SSH servers, including those of known high-education institutions in the U.S. and Europe, and a railway company.”

The botnet uses a type of brute-force attack on millions of different servers in order to break in. Once it gains access, FritzFrog runs a separate process named 'libexec' to execute XMRig, the malware that co-opts computing power to mine Monero.

'Highly Professional' Malware

While cryptojacking malware is certainly nothing new, Guardicore says that FritzFrog appears to be unique. For one thing, the botnet’s connections were hidden within a peer-to-peer (P2P) network, which made it difficult to track.

“Unlike other P2P botnets, FritzFrog combines a set of properties that makes it unique: it is fileless, as it assembles and executes payloads in-memory,” the report said. “It is more aggressive in its brute-force attempts, yet stays efficient by distributing targets evenly within the network.”

Additionally, Guardicore found that FritzFrog’s 'p2p implementation was written from scratch', which seems to indicate that the malware was created by 'highly professional software developers'.

FritzFrog’s protocol is written in a language called Golang, which 'is completely volatile and leaves no traces on the disk'. It also creates a SSH public key that acts as a 'backdoor', which enables ongoing access to compromised machines.

Cryptojacking Malware Has Targeted Large Institutions Before

Earlier this year, Finance Magnates reported that another form of cryptojacking malware was targeting 'supercomputers' that belong to institutions similar to the ones that FritzFrog seems to be targeting.

At that time, the crypto malware caused a number of of these 'supercomputers' to go offline. The timing of the shutdowns is particularly bad because of the fact that many of the organizations running the computers were prioritizing research on COVID-19. This research may have been hampered as a result of the malware and the subsequent shutdowns.

About the Author: Rachel McIntosh
Rachel McIntosh
  • 1509 Articles
  • 55 Followers
Rachel is a self-taught crypto geek and a passionate writer. She believes in the power that the written word has to educate, connect and empower individuals to make positive and powerful financial choices. She is the Podcast Host and a Cryptocurrency Editor at Finance Magnates.

More from the Author

CryptoCurrency