A newly discovered malware named FreakOut has been actively targeting Linux-based devices. The aim of this malware is to propagate botnet networks for DDoS attacks and cryptomining. Between January 8 and January 13, around 380 attack attempts were observed.
Diving into details
This new malware comes with a variety of capabilities such as port scanning, information gathering, and data packet and network sniffing. Additionally, each infected device can be used as a remote-controlled attack platform.
- Initially, the malware targets Linux devices with certain products that have unpatched various flaws and vulnerabilities. Exploited flaws include CVE-2020-28188 (TerraMaster TOS), CVE-2021-3007 (Zend Framework), and CVE-2020-7961 (Liferay Portal).
- After taking advantage of one of these flaws, attackers upload an obfuscated Python script named out[.]py. Subsequently, the downloaded script is given permissions by using the chmod command.
- The attacker attempts to run the downloaded script using Python 2, which reached EOL last year.
- The script has several capabilities such as port scanning feature, creating and sending packets, system fingerprinting, and brute-force ability by using hard-coded credentials to infect other network devices.
Recent attacks on Linux systems
- In early January, ElectroRAT was used to empty the cryptocurrency wallets of thousands of Windows, Linux, and macOS users.
- Last month, a Golang-based malware was discovered that targets Windows and Linux servers.
Unpatched flaws are always a big security risk and cybercriminals will always tend to take advantage of them. Therefore, experts suggest users always patch their Linux servers and personal devices, use a reliable anti-malware solution, and deploy intrusion prevention systems for better protection.