Wednesday, February 24, 05:26 p.m.

FreakOut malware infects Linux hosts that run vulnerable software

An active malicious campaign is currently targeting Linux devices that run software with critical vulnerabilities. Its purpose is to infect systems running vulnerable versions of the popular TerraMaster operating system, Zend Framework (Laminas Project) or Liferay Portal with the FreakOut malware, which helps the operators mount a widespread cyber-attack campaign.

Hitting unpatched Linux systems

The common reason all three software solutions are targeted by FreakOut's current campaign is that they all have a large user base and are still exposed to some vulnerabilities.

The Zend Framework is a collection of professional PHP packages with over 570 million installations. Version 3.0.0, however, has a critical bug (CVE-2021-3007) that could be exploited to achieve remote code execution.

Liferay Portal is a platform for Java developers to create services and user interfaces, customize applications, or deploy ready-made ones. All open-source Community versions before 7.2.1 have a critical vulnerability (CVE-2020-7961) that allows remote execution of arbitrary code.

TerraMaster is the operating system that powers the devices .. Version 4.2.06 and its predecessors suffer from a remote command execution bug (CVE-2020-28188, also critical severity) that allows an attacker to take full control of the device.

Check Point security researchers discovered the FreakOut attacks and say that infected Linux devices are joined to a botnet that could help mount other cyber attacks. They say the controller could use the infected machines to mine cryptocurrency, to move laterally within a corporate network, or to attack other targets while posing as the compromised company.

The FreakOut malware is new on the scene and can be used to scan ports, collect information, sniff network traffic or launch DDoS attacks.

The infection starts by exploiting one of the three critical vulnerabilities and continues by downloading a Python script (out.py) to the compromised machine. The attacker tries to execute the script using Python 2, which reached end of life in 2020.

Check Point discovered the attack on January 8, 2021, when they noticed the malicious script being downloaded from hxxp://gxbrowser[.]net. Researchers have since identified hundreds of attempts to obtain the code.
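The indicators named above (the gxbrowser[.]net download host, the out.py script name and its execution under Python 2) can be searched for in proxy and process logs. The following is an added example, not code from Check Point or from the original article; the log lines, host names and the /tmp path are constructed for illustration.

```python
import re

# Indicators from the article: download host (defanged there) and script name.
C2_HOST = "gxbrowser.net"
SCRIPT = "out.py"

# Match the host or any subdomain, but not look-alikes such as notgxbrowser.net
# or gxbrowser.net.example.org.
HOST_RE = re.compile(r"(?<![\w.-])(?:[\w-]+\.)*" + re.escape(C2_HOST)
                     + r"(?![\w-])(?!\.[\w-])", re.I)
SCRIPT_RE = re.compile(r"(?<![\w.-])" + re.escape(SCRIPT) + r"(?![\w-])")
# Bare "python" still resolves to Python 2 on many older hosts, so it is matched too.
PY2_EXEC_RE = re.compile(r"\bpython(?:2(?:\.\d+)?)?\s+(?:\S*/)?"
                         + re.escape(SCRIPT) + r"(?![\w-])")

def refang(text):
    """Undo defanging (hxxp, [.], stray spaces from copy/paste or translation)."""
    text = re.sub(r"hxxp", "http", text, flags=re.I)
    text = re.sub(r"\s*[\[(]\.[\])]\s*", ".", text)
    return re.sub(r"(https?):\s*//\s*", r"\1://", text)

def classify(line):
    """Return the set of FreakOut indicators present in one log line."""
    line = refang(line)
    hits = set()
    if HOST_RE.search(line):
        hits.add("download-host")
    if SCRIPT_RE.search(line):
        hits.add("script-name")
    if PY2_EXEC_RE.search(line):
        hits.add("python2-exec")
    return hits

def triage(lines):
    """Return (line_number, sorted indicators) for every line with a hit."""
    return [(n, sorted(h)) for n, line in enumerate(lines, 1) if (h := classify(line))]

# Constructed sample input: two suspicious lines, two benign look-alikes, one analyst note.
SAMPLE_LOG = [
    "Jan 08 10:01:02 nas01 proxy: GET hxxp://gxbrowser[.]net 200 from 10.0.0.5",
    "Jan 08 10:01:03 nas01 audit: exec /usr/bin/python2 /tmp/out.py",
    "Jan 08 10:02:10 web02 audit: exec /usr/bin/python3 /opt/app/checkout.py",
    "Jan 08 10:03:44 web02 proxy: GET http://notgxbrowser.net.example.org/ 200",
    "ticket note: script fetched from hxxp: // gxbrowser [.] Net",
]

if __name__ == "__main__":
    for lineno, indicators in triage(SAMPLE_LOG):
        print(lineno, ", ".join(indicators))
```

A line that combines `python2-exec` with an earlier `download-host` hit on the same machine deserves the highest priority, since it matches both stages of the chain described above.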

Source of information: bleepingcomputer.com


Teo Ehc