Security researchers report on a new malware that targets poorly configured machines to tie them into a botnet, which can then be used for nefarious purposes.
According to a report from Check Point Research (CPR), the malware variant, named FreakOut, specifically targets Linux devices that run unpatched versions of certain software.
The group writes that they encountered several instances of these attacks, which it labels as “ongoing”.
Exploits patched flaws
According to CPR, FreakOut first targets Linux devices with specific products that have not been patched against some known flaws.
These include a remote command execution (RCE) flaw in the TerraMaster Operating System that powers TerraMaster NAS devices, a deserialization glitch in the Zend PHP Framework, and a deserialization of untrusted data issue in the Liferay Portal content management system.
Developers of all these products have released patches to close off the vulnerabilities. However, the malware is scanning the Internet for machines that are still running the unpatched version of these software, which it then exploits to gain access to the underlying Linux host.
“If successfully exploited, each device infected by the FreakOut malware can be used as a remote-controlled attack platform by the threat actors behind the attack, enabling them to target other vulnerable devices to expand their network of infected machines,” warn the researchers.
CPR found that each infected device is configured to communicate with a command and control (C&C) server that was created in late November 2020 and has been running ever since. Upon further investigation they found evidence of 186 exploited devices that were communicating with the server.
Applying already available security patches is all that’s required to mitigate the attack. “Such attack campaigns highlight the importance of taking sufficient precautions and updating your security protections on a regular basis,” conclude the researchers.
Via: BleepingComputer
