In a startling development, the notorious FritzFrog botnet, which first emerged in 2020, has undergone a significant transformation by exploiting the Log4Shell vulnerability. Unlike its traditional approach of focusing on internet-facing applications, this latest variant is now aggressively targeting all hosts within a victim’s internal network, according to recent findings by Akamai researchers, a leading cybersecurity and content delivery network provider.
Originally recognized for its use of brute-force attacks on SSH to compromise servers and deploy cryptominers, FritzFrog has adopted a new campaign named “Frog4Shell.” This campaign leverages the Log4Shell vulnerability, a flaw in the widely used Log4j web tool, discovered in 2021. Despite extensive global patching efforts initiated by governments and security companies, the Log4Shell bug remains a persistent threat.
Frog4Shell represents a paradigm shift in FritzFrog’s tactics. The malware now goes beyond the conventional approach of compromising high-profile internet-facing applications. Instead, it meticulously scans and reads system files on compromised hosts to identify potential targets within internal networks, particularly vulnerable Java applications.
This evolution is particularly concerning as it exposes neglected and unpatched internal machines, exploiting a circumstance often overlooked in previous security measures. Even if organizations have patched the
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: