CRYPTOJACKING MALWARE TARGETS BANKING

Updated: 08/20/2020 07:09
Hyip Monitor
Researchers at Guardicore say that the malware was created by “highly professional software developers.”

Cybersecurity firm Guardicore Labs has recently published findings on FritzFrog, a cryptojacking malware botnet that has been deployed to tens of millions of IP addresses. According to the findings, FritzFrog has mostly targeted medical centers, banks, telecommunication companies, government offices, and educational institutions.

The botnet’s attacks have been prolific: Guardicore’s report found that, so far, FritzFrog has compromised “over 500 SSH servers, including those of known high-education institutions in the U.S. and Europe, and a railway company.”

The botnet uses a type of brute-force attack on millions of different servers in order to break in. Once it gains access, FritzFrog runs a separate process named “libexec” to execute XMRig, the malware that co-opts computing power to mine Monero.

“Highly professional” malware


While cryptojacking malware is certainly nothing new, Guardicore says that FritzFrog appears to be unique. For one thing, the botnet’s connections were hidden within a peer-to-peer (P2P) network, which made it difficult to track.

“Unlike other P2P botnets, FritzFrog combines a set of properties that makes it unique: it is fileless, as it assembles and executes payloads in-memory,” the report said. “It is more aggressive in its brute-force attempts, yet stays efficient by distributing targets evenly within the network.”

Additionally, Guardicore found that FritzFrog’s “p2p implementation was written from scratch”, which seems to indicate that the malware was created by “highly professional software developers.”

FritzFrog’s protocol is written in a language called Golang, and the malware “is completely volatile and leaves no traces on the disk.” It also creates an SSH public key that acts as a “backdoor,” enabling ongoing access to compromised machines.
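Because nothing is left on disk except the added SSH key, auditing login keys against an approved list is one practical check. The following is an added example, not code from Guardicore or the original article; it assumes the key is placed in an account's OpenSSH `authorized_keys` file, and the sample entries and the `make_entry` helper are constructed for illustration.

```python
import base64
import binascii
import hashlib
import struct

def key_fingerprint(blob):
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_key_line(line):
    """Return (key_type, fingerprint, comment), or None if no valid key is found.
    An options field may precede the key, so look for a token followed by a
    base64 blob that embeds that same token as its key type."""
    fields = line.split()
    for i in range(len(fields) - 1):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except (binascii.Error, ValueError):
            continue
        if len(blob) >= 4:
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == fields[i].encode():
                return fields[i], key_fingerprint(blob), " ".join(fields[i + 2:])
    return None

def audit_authorized_keys(text, approved):
    """Return (line_number, status, detail) for entries that are not approved."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parsed = parse_key_line(line)
        if parsed is None:
            findings.append((lineno, "unparseable", line.strip()[:40]))
        elif parsed[1] not in approved:
            findings.append((lineno, "unapproved", parsed[1]))
    return findings

def make_entry(key_type, body, comment="", options=""):
    """Build a constructed, non-functional authorized_keys line for the demo."""
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + body
    return f"{options} {key_type} {base64.b64encode(blob).decode()} {comment}".strip()

# Constructed sample data: one approved key, one unknown key, one broken line.
ADMIN = make_entry("ssh-ed25519", b"\x01" * 32, "admin@example")
UNKNOWN = make_entry("ssh-rsa", b"\x02" * 64, options='command="/usr/bin/true -q"')
SAMPLE = "\n".join(["# managed keys", ADMIN, UNKNOWN, "ssh-rsa not-a-key"])
APPROVED = {parse_key_line(ADMIN)[1]}
print(audit_authorized_keys(SAMPLE, APPROVED))
```

In practice the approved set would come from the fingerprints of keys the organization has issued, and the audit would run over every account's key file.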

Cryptojacking malware has targeted large institutions before


Earlier this year, Finance Magnates reported that another form of cryptojacking malware was targeting “supercomputers” that belong to institutions similar to the ones that FritzFrog seems to be targeting.

At that time, the crypto malware caused a number of these “supercomputers” to go offline. The timing of the shutdowns was particularly bad because many of the organizations running the computers were prioritizing research on COVID-19. This research may have been hampered as a result of the malware and the subsequent shutdowns.


About the author

Eric Marriam is a young writer. Even though he is not experienced, he is able to produce really high-quality work. Eric is able to identify a problem people have and break it down, appeal to emotion through emotive writing, and change his style of writing to cater to different audiences. Eric Marriam is able to work creatively and effectively with staff and managers, and despite his young age he has proved to be a clear and effective writer and speaker, committed to maintaining quality and efficiency and seeking professional growth and development.