Ophir Harpaz, a cyber researcher at Israel’s Guardicore cybersecurity firm, has recently exposed a massive cyberattack on government, education, and finance sectors in the US.
FritzFrog malware is both a worm and a decentralized botnet that attacks Linux servers over SSH to mine cryptocurrencies. It has been active since at least January 2020. The malware is fileless and only runs in memory.
The attack has already infiltrated over 500 servers in the US and Europe, belonging to universities and a railway company.
Harpaz discovered that the attackers had turned the systems they had taken over into a “peer network” that serves as a malicious force multiplier.
They began using the servers they took over to mine cryptocurrencies, but this did not seem to be their main purpose. Rather, the aim appeared to be to prepare an infrastructure of infected computers with which to schedule a much larger attack, or to sell that option to another entity.
They also tried to break into government institutions in Europe and the US, but in this case, their attempts failed.
Guardicore has issued guidelines that security personnel around the world can use to check whether their servers have been infected with the new malware and to clean them.
Guardicore is a leader in data center and cloud security that was established by former IDF cybersecurity experts.