FritzFrog Monero Cryptojacking Malware Attack Millions Of Addresses

Author: Ali Raza
Last Updated: 20 August 2020

Guardicore Labs, a cybersecurity firm, has recently published a study on a new malware botnet named FritzFrog. This botnet has already been deployed to millions of IP addresses, targeting educational institutions, governmental offices, banks, medical centers, and telecommunications companies. From there, the malware installs a Monero (XMR) mining app named XMRig.

Brute-Force Hacking Used To Attack Everywhere

Guardicore explained that FritzFrog uses a brute-force attack against millions of addresses in order to gain access to servers. While crude, brute-force attacking, which means sending countless candidate passwords in the hope of guessing correctly, does yield results eventually.

After finding a way in, the malware runs a separate process called “libexec,” which then executes the XMRig mining app. According to Guardicore, the malware had already successfully breached more than 500 SSH servers, including those of well-known higher-education institutions in Europe and the US. A railway company was affected as well.

A New Breed Of Malware

Guardicore Labs described this malware as a one-of-its-kind creation and warned that actually tracking it would be a complicated job. This is primarily because the connections within the peer-to-peer (P2P) network itself have been hidden.

Ophir Harpaz, a researcher at Guardicore Labs, commented on the matter. Harpaz explained that FritzFrog combines an array of properties that set it apart from other P2P botnets. The first is that it is fileless, assembling and executing payloads in memory. Another key factor is the level of aggression it shows in its brute-force attempts, while it manages to stay efficient by evenly distributing targets within the network itself.
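
The fileless behaviour and the "libexec" process name described above lend themselves to a host-side check. The following Python script is an added example, not code from the article or from Guardicore: it walks /proc and flags processes whose executable is deleted or memfd-backed (a general Linux heuristic for in-memory execution, assumed here rather than stated in the article) or whose name is libexec. The names scan_proc and SUSPECT_NAMES are chosen for this example.

```python
import os

# Process name reported in the article; extend with names from your own intel.
SUSPECT_NAMES = {"libexec"}
DELETED = " (deleted)"  # suffix the kernel appends when the backing file is gone


def scan_proc(proc_root="/proc", suspect_names=SUSPECT_NAMES):
    """Return one finding per process that looks fileless or has a suspect name.

    proc_root is a parameter so the scan can run against a copied or
    constructed /proc tree as well as the live one.
    """
    findings = []
    pids = sorted((e for e in os.listdir(proc_root) if e.isdigit()), key=int)
    for pid in pids:
        pid_dir = os.path.join(proc_root, pid)
        try:
            exe = os.readlink(os.path.join(pid_dir, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or insufficient privilege
        try:
            with open(os.path.join(pid_dir, "comm")) as fh:
                comm = fh.read().strip()
        except OSError:
            comm = ""
        reasons = []
        if exe.endswith(DELETED):
            reasons.append("executable deleted from disk")
        if exe.startswith("/memfd:"):
            reasons.append("executable is an anonymous memfd")
        exe_name = os.path.basename(exe.replace(DELETED, ""))
        if comm in suspect_names or exe_name in suspect_names:
            reasons.append("name matches suspect list")
        if reasons:
            findings.append(
                {"pid": int(pid), "comm": comm, "exe": exe, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for f in scan_proc():
        print(f"pid={f['pid']} comm={f['comm']} exe={f['exe']} "
              f"-> {', '.join(f['reasons'])}")
```

A legitimate daemon whose binary was replaced by a package upgrade also shows a deleted executable, so findings need triage. Run it as root so every process's exe link is readable.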
Innovation At Its Worst

In regards to general safety, Harpaz urged the general public to use public-key authentication as well as strong passwords. Harpaz stated that this will make you far safer in light of this new botnet and will help you avoid being attacked by malware like FritzFrog.

It seems XMR is the go-to for crypto-malware, as Cado Security had recently detected a new innovation in cyber-crime as well. The security firm is convinced it detected the first-ever stealth crypto mining campaign in history, aiming to steal credentials from Amazon Web Services (AWS). This malware was named TeamTNT, and made use of XMR mining as well.