‘Highly Professional’ Cryptojacking Malware Targets Banking, Education Sectors

by Rachel McIntosh
  • Researchers at Guardicore say that the malware was created by “highly professional software developers.”

Cybersecurity firm Guardicore Labs has recently published findings on FritzFrog, a cryptojacking malware botnet that has been deployed against tens of millions of IP addresses. According to the findings, FritzFrog has mostly targeted medical centers, banks, telecommunication companies, government offices and educational institutions.

So far, the botnet’s attacks have been prolific: Guardicore’s report found that FritzFrog has compromised “over 500 SSH servers, including those of known high-education institutions in the U.S. and Europe, and a railway company.”

The botnet uses a type of brute-force attack on millions of different servers in order to break in. Once it gains access, FritzFrog runs a separate process named 'libexec' to execute XMRig, the malware that co-opts computing power to mine Monero.

'Highly Professional' Malware

While cryptojacking malware is certainly nothing new, Guardicore says that FritzFrog appears to be unique. For one thing, the botnet’s connections were hidden within a peer-to-peer (P2P) network, which made it difficult to track.

“Unlike other P2P botnets, FritzFrog combines a set of properties that makes it unique: it is fileless, as it assembles and executes payloads in-memory,” the report said. “It is more aggressive in its brute-force attempts, yet stays efficient by distributing targets evenly within the network.”

Additionally, Guardicore found that FritzFrog’s 'p2p implementation was written from scratch', which seems to indicate that the malware was created by 'highly professional software developers'.

FritzFrog’s protocol is written in Golang, and the report notes that the malware 'is completely volatile and leaves no traces on the disk'. It also adds an SSH public key that acts as a 'backdoor', which enables ongoing access to compromised machines.
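As a defender-side illustration of the two host traces this passage describes (an SSH public key planted as a backdoor, and a process named 'libexec' used to run the miner), the following Python audit is added here and is not taken from Guardicore's report: it checks an authorized_keys file against an allowlist of approved key fingerprints and scans a ps-style listing for the watched process name. All sample data is constructed.

```python
import base64
import hashlib

# Constructed sample authorized_keys content: the first key stands in for one the
# admin installed, the second mimics an unknown key appended by an intruder.
# The key blobs are arbitrary bytes, not real SSH keys.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "ssh-ed25519 " + base64.b64encode(b"constructed-admin-key-blob").decode() + " admin@workstation",
    "ssh-rsa " + base64.b64encode(b"constructed-unknown-key-blob").decode() + " backdoor",
])

# Constructed ps-style listing, one line per process: "pid comm command".
SAMPLE_PROCESS_LIST = [
    "812 sshd /usr/sbin/sshd -D",
    "4021 libexec /tmp/libexec",
    "4050 bash -bash",
]


def fingerprint(line):
    """OpenSSH-style SHA256 fingerprint of one authorized_keys line (no '=' padding).
    Assumes the plain 'type blob [comment]' form without leading key options."""
    _, b64blob, *_ = line.split()
    digest = hashlib.sha256(base64.b64decode(b64blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def unexpected_keys(authorized_keys_text, approved_fingerprints):
    """Return the comment of every key whose fingerprint is not on the approved list."""
    flagged = []
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if fingerprint(line) not in approved_fingerprints:
            parts = line.split(maxsplit=2)
            flagged.append(parts[2] if len(parts) > 2 else "(no comment)")
    return flagged


def suspicious_processes(process_lines, watched_names=("libexec",)):
    """Return the pids of processes whose command name is on the watched list."""
    hits = []
    for line in process_lines:
        pid, comm, _ = line.split(maxsplit=2)
        if comm in watched_names:
            hits.append(int(pid))
    return hits


if __name__ == "__main__":
    approved = {fingerprint(SAMPLE_AUTHORIZED_KEYS.splitlines()[0])}
    print("unexpected keys:", unexpected_keys(SAMPLE_AUTHORIZED_KEYS, approved))
    print("watched processes:", suspicious_processes(SAMPLE_PROCESS_LIST))
```

On a real host the same functions would be fed the contents of each user's authorized_keys and the output of `ps -eo pid,comm,args`; a process name alone is a weak signal, so a hit is a prompt to inspect the binary and its parent, not a verdict.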

Cryptojacking Malware Has Targeted Large Institutions Before

Earlier this year, Finance Magnates reported that another form of cryptojacking malware was targeting 'supercomputers' that belong to institutions similar to the ones that FritzFrog seems to be targeting.

At that time, the crypto malware caused a number of these 'supercomputers' to go offline. The timing of the shutdowns was particularly bad because many of the organizations running the computers were prioritizing research on COVID-19. This research may have been hampered as a result of the malware and the subsequent shutdowns.

About the Author: Rachel McIntosh
Rachel is a self-taught crypto geek and a passionate writer. She believes in the power that the written word has to educate, connect and empower individuals to make positive and powerful financial choices. She is the Podcast Host and a Cryptocurrency Editor at Finance Magnates.