New FreakOut botnet targets Linux systems running unpatched software

silversurfer

A newly identified botnet is targeting unpatched applications running on top of Linux systems, Check Point security researchers said in a report today.
First seen in November 2020, the FreakOut botnet has surfaced again in a new series of attacks this month.
Its current targets include TerraMaster data storage units, web applications built on top of the Zend PHP Framework, and websites running the Liferay Portal content management system.
Check Point says the FreakOut operator is mass-scanning the internet for these applications and then utilizing exploits for three vulnerabilities in order to gain control of the underlying Linux system.
All three vulnerabilities (listed below) are fairly recent, which means there's a high chance that FreakOut exploitation attempts are succeeding as many systems could still be lagging behind on their patches.
  • CVE-2020-28188 - RCE in TerraMaster management panel (disclosed on December 24, 2020)
  • CVE-2021-3007 - deserialization bug in the Zend Framework (disclosed on January 3, 2021)
  • CVE-2020-7961 - deserialization bug in the Liferay Portal (disclosed on March 20, 2020)
Once the FreakOut bot gains access to a system, its immediate step is to download and run a Python script that connects the infected devices to a remote IRC channel where the attacker can send commands and orchestrate a varied list of attacks using the enslaved devices.
According to a Check Point technical report published today, the list of commands that FreakOut bots can run includes the likes of:
  • Gathering info on the infected system;
  • Creating and sending UDP and TCP packets;
  • Executing Telnet brute-force attacks using a list of hardcoded credentials;
  • Running a port scan;
  • Executing an ARP poisoning attack on the device's local network;
  • Opening a reverse shell on the infected host;
  • Killing local processes; and more.
 
