Saturday, January 25, 2025
HomeLinux malwareFreakOut Malware that Exploits Critical Vulnerabilities in Linux Devices

FreakOut Malware that Exploits Critical Vulnerabilities in Linux Devices

Published on

SIEM as a Service

Follow Us on Google News

Check Point Research (CPR) encountered that ongoing attacks involve a new malware variant, called ‘FreakOut.’

The purpose behind these attacks is to create an IRC botnet. An IRC botnet is a collection of machines infected with malware that can be controlled remotely via an IRC channel to execute malicious commands.

It is used for malicious activities, such as launching DDoS attacks on other organizations’ networks, or for crypto-mining activity on infected machines, which can potentially shut down entire systems infected. The attacks are aimed at Linux devices.

The malware also comes with extensive capabilities consist of port scanning, information gathering, creation and sending of data packets, network sniffing, and the capability to launch DDoS and network flooding attacks.

Linux devices that run on of the following Products which have Vulnerabilities exploited by FreakOut malware

  • TerraMaster TOS (TerraMaster Operating System), a well-known vendor of data storage devices
  • Zend Framework, a popular collection of library packages, used for building web applications
  • Liferay Portal, a free, open-source enterprise portal, with features for developing web portals and websites

The attack exploits the following CVE’s :

  • CVE-2020-28188 – released 28/12/20 – TerraMaster TOS
  • CVE-2021-3007 – released 3/1/21 – Zend Framework
  • CVE-2020-7961 – released 20/03/20 – Liferay Portal

Patches are available for all products impacted in these CVEs.

Protections

IPS

  • TerraMaster TOS Command Injection (CVE-2020-28188).
  • Liferay Portal Insecure Deserialization (CVE-2020-7961).
  • Zend Framework Remote Code Execution (CVE-2021-3007).
  • CMD Injection Over HTTP

Anti-Bot

  • Win32.IRC.G
  • TC.a
  • Win32.N3Cr0m0rPh.TC.a
  • Win32.N3Cr0m0rPh.TC.b
  • Win32.N3Cr0m0rPh.TC.c
  • Win32.N3Cr0m0rPh.TC.d

For TerraMaster, the fixes will be implemented in version 4.2.07.

Liferay Portal users should upgrade to Liferay Portal 7.2 CE GA2 (7.2.1) or later. The maintainer no longer supports the Zend framework, and the lamins-http vendor released a relevant patch for this vulnerability should use 2.14.x bugfix release (patch).

FreakOut’s Impact

Researchers found evidence from the attack campaign’s main C&C server that around 185 devices had been hacked.

The geographies that were most targeted were North America and Western Europe. Industry sectors´ most targeted were finance, government and healthcare organizations.

Security Guidelines to Stay Protected

  • Users check and patch their servers and Linux devices
  • Intrusion Prevention Systems (IPS) prevent attempts to exploit weaknesses in vulnerable systems or applications. Updated IPS helps your organization stay protected.
  • Conventional signature-based Anti-Virus is a highly efficient solution for preventing known attacks.
  • Comprehensive advanced endpoint protection at the highest security level is crucial to avoid security breaches and data compromises

Conclusion

The threat actor behind the attack, named “Freak”, managed to infect many devices in a short period and incorporated them into a botnet, which in turn could be used for DDoS attacks and crypto-mining.

These attack campaigns emphasize the importance and significance of checking and protecting assets as an on-going basis. Therefore this ongoing campaign can spread quickly.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Also Read

NSA Revealed A Russian APT28 Hackers Made Previously Undisclosed Stealthy “Drovorub” Linux Malware

BootHole Vulnerability Affects Millions of Windows and Linux Systems – Allows Attackers to Install Stealthy Malware

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Pumakit – Sophisticated Linux Rootkit That Persist Even After Reboots

Pumakit is a sophisticated rootkit that leverages system call interception to manipulate file and...

“Bootkitty” – A First Ever UEFI Bootkit Attack Linux Systems

Cybersecurity researchers have uncovered the first-ever UEFI bootkit designed to target Linux systems.This...

Rekoobe Backdoor In Open Directories Possibly Attacking TradingView Users

APT31, using the Rekoobe backdoor, has been observed targeting TradingView, a popular financial platform,...