Israeli cybersecurity company Guardicore Ltd. recently discovered FritzFrog, a sophisticated peer-to-peer botnet that has been breaching SSH servers since January 2020.
According to researcher Ophir Harpaz, FritzFrog was able to hack into more than 500 servers including those belonging to universities, railway companies, and other governmental organizations in the U.S. and Europe.
Harpaz discovered the attackers were taking over servers and turning them into ‘peer networks’ in order to mine cryptocurrencies, particularly Monero. Once a victim’s system is breached, a backdoor is left behind to enable future access to the server, and its credentials are saved by the network.
There were also more sinister signs of activity, such as attempts to break into governmental offices to collect data, but these attempts ultimately failed.
According to Harpaz, identifying the operators of the botnet is complicated, since commands can be sent to and from anywhere in the network. While FritzFrog appears unique, the model is best compared to previous peer-to-peer botnets seen elsewhere, such as Rakos, a botnet that was active in 2016.
In response to the discovery, Guardicore has issued guidelines to security personnel around the world for identifying whether their systems have been infected with the malware.
Guardicore Labs is an Israeli cyber company founded by Ariel Zeitlin, Dror Sal'ee, and Pavel Gurvich. It develops protection software for enterprise cloud systems and servers that operate in financial, e-commerce, technology, and educational organizations. Founded in 2013, it has raised $106 million over four rounds, according to Crunchbase.