20 January 2021

FreakOut botnet exploits recent flaws to compromise Linux systems



Check Point researchers have spotted a new ongoing attack that targets unpatched applications running on Linux systems. The campaign involves a new malware strain dubbed ‘FreakOut’, which is used to create an IRC botnet that can be leveraged for various malicious purposes, such as launching DDoS attacks on other organizations’ networks or crypto-mining.

The campaign targets Linux devices running TerraMaster TOS, Zend Framework, or Liferay Portal software, all of which contain relatively new vulnerabilities. According to Check Point, FreakOut exploits the following flaws: CVE-2020-28188 (TerraMaster TOS), CVE-2020-7961 (Liferay Portal), and CVE-2021-3007 affecting Zend Framework (this CVE is being disputed).

Once the device is infected, the FreakOut operators can use the malware as a launchpad for further attacks, allowing them to target other vulnerable devices to expand their network of infected machines. The FreakOut malware’s capabilities include port scanning, information gathering, creation and sending of data packets, network sniffing, and the capability to launch DDoS and network flooding attacks.

So far, Check Point has observed 185 victims infected with the malware. Additionally, the firm detected over 380 attack attempts, with 27% of them observed in the US alone. Other attack attempts were seen in the UK, Italy, the Netherlands and Germany. The most targeted regions were North America and Western Europe.

Top industries targeted include Finance/Banking, Government/Military and Healthcare.

“‘FreakOut’ is an attack campaign that exploits three vulnerabilities, including some newly released, to compromise different servers. The threat actor behind the attack, named ‘Freak’, managed to infect many devices in a short period of time, and incorporated them into a botnet, which in turn could be used for DDoS attacks and crypto-mining. Such attack campaigns highlight the importance and significance of checking and protecting your assets on an ongoing basis. This ongoing campaign can spread quickly, as we have seen,” Check Point warned.
