Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020.
Called “FritzFrog,” the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according to a report released by Guardicore Labs today.
“With its decentralised infrastructure, it distributes control among all its nodes,” Guardicore‘s Ophir Harpaz said. “In this network with no single point-of-failure, peers constantly communicate with each other to keep the network alive, resilient and up-to-date.”
In addition to implementing a proprietary P2P protocol that’s been written from scratch, the communications are done over an encrypted channel, with the malware capable of creating a backdoor on victim systems that grants continued access for the attackers.
images from Hacker News