
Check Point researchers have discovered a new malware variant, which they have dubbed FreakOut, created by a well-known attacker who goes by the name Freak or Fl0urite on various forums. The variant exploits several vulnerabilities to build an IRC botnet with two main objectives: carrying out DDoS attacks against various organizations and mining cryptocurrencies.

The FreakOut botnet targets Linux-based systems, including the TerraMaster operating system, which manages TerraMaster network-attached storage servers; the Zend Framework, designed for building web applications and services using PHP; and Liferay Portal, a web application platform that allows users to create portals and websites.

By exploiting these vulnerabilities, the attacker can execute commands on the server, with the ultimate aim of downloading the “out.py” script. The script is written in Python 2, which suggests that the attacker is specifically targeting machines that still have this no-longer-supported version of Python installed.

Check Point researchers have said that this botnet is based on a separate botnet called “N3Cr0m0rPh”, which has been offered for sale or rent on underground forums since 2015.

What does FreakOut do once it is on the machine?

Once the FreakOut malware finds and exploits a vulnerability, it downloads a Python script that opens a channel between the compromised system and the command-and-control server and provides the following botnet capabilities:

▸Collect device information, including MAC address and memory information

▸Carry out brute-force attacks that attempt to infect other devices within the network

▸Scan ports

▸Kill a process by name or ID

▸Pack and unpack code using obfuscation techniques that give functions and variables random names
