Fileless P2P Fritzfrog Botnet

August 26, 2020
Fritzfrog Botnet malware p2p antimalware solutions

A new variant of Botnet has been unraveled by Cybersecurity experts that have been ongoing since January of this year. According to statistical reports, the current intrusion rate already summed up to 13000 successful attacks on devices and more than 500 servers from its adversaries. The malware was named ‘Fritzfrog’ by the experts, which is an origin of the GoLang botnets family that is created based on Linux backdoor programming.

Among its sophisticated feature is being file-less as the malware resides on the system memory, leaving no trace behind. Just like the ‘Rakos’ Botnet, it can scan to many devices and search for vulnerable IPs and SSH ports that are open or have a weak password in the network. Gathered information, which includes device configuration, is then transferred to the perpetrators. With the code customization feature of Fritzfrog, perpetrators can send the specialized code that fits the targeted device for a successful attack.


Living by its name – Fritzfrog, this type of Botnet behaves by leaping to different servers that have been compromised to avoid being tracked by any security software.


Just like the typical torrent file transferring system, this provides an edge to the Fritzfrog to deceive security applications in identifying an infiltration or attack on the targeted system. It is confirmed that these adversaries stealthily performed brute force by attacking the targeted device through segmented data transfer. Once the whole file was entirely transferred onto the targeted device, the malware feature of customized self-extraction and installation will commence compromising the device and adding it to their network of infected devices.

With the malware’s ingenuity to control first the SSH functionality of these devices, they were able to encrypt and establish secure connections throughout their bot network. By also exploiting the default open port 1234 of many devices, it allows these adversaries to perform their remote command and control, including exfiltration of needed information that is captured or stored on the infected machines. Thus, having limitless access to the victim’s or vast network resources will give them an endless possibility for profiteering.

Its infiltration has already spread mainly through the United States and Europe and other parts of the globe, targeting most pertinent universities, government organizations, financial companies, telecom providers, and health institutions.

The security group that unraveled this modus operandi has already made its move by creating a mitigation plan that includes devising an app that can run to detect Fritzfrog and citing signs of possible infection. They advised administrators and the public to enforce secure password utilization and, if possible, to disable the SSH functionality of their managed devices – if not in use, as this vulnerability is the main target of Fritzfrog.

About the author

Leave a Reply