Linux Devices Under Attack by New FreakOut Malware
#1
Information 
Quote:Researchers are warning a novel malware variant is targeting Linux devices, in order to add endpoints to a botnet to then be utilized in distributed-denial-of-service (DDoS)  attacks and cryptomining.
 
The malware variant, called FreakOut, has a variety of capabilities. Those include port scanning, information gathering and data packet and network sniffing. It is actively adding infected Linux devices to a botnet, and has the ability to launch DDoS and network flooding attacks, as well as cryptomining activity.

“If successfully exploited, each device infected by the FreakOut malware can be used as a remote-controlled attack platform by the threat actors behind the attack, enabling them to target other vulnerable devices to expand their network of infected machines,” said researchers with Check Point Research in a Tuesday analysis.
 
FreakOut first targets Linux devices with specific products that have not been patched against various flaws.
 
These include a critical remote command execution flaw (CVE-2020-28188) in TerraMaster TOS (TerraMaster Operating System), a popular data storage device vendor. Versions prior to 4.2.06 are affected, while a patch will become available in 4.2.07.
 
Also targeted is a critical deserialization glitch (CVE-2021-3007) in Zend Framework, a popular collection of library packages that’s used for building web applications. This flaw exists in versions higher than Zend Framework 3.0.0.
 
“The maintainer no longer supports the Zend framework, and the lamins-http vendor released a relevant patch for this vulnerability should use 2.14.x bugfix release (patch),” researchers said.
 
Finally attackers target a critical deserialization of untrusted data issue (CVE-2020-7961) in Liferay Portal, a free, open-source enterprise portal, with features for developing web portals and websites. Affected are versions prior to 7.2.1 CE GA2; an update is available in Liferay Portal 7.2 CE GA2 (7.2.1) or later.
 
“Patches are available for all products impacted in these CVEs, and users of these products are advised to urgently check any of these devices they are using and to update and patch them to close off these vulnerabilities,” said researchers.

Read more: https://threatpost.com/linux-attack-frea...re/163137/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Messages In This Thread
Linux Devices Under Attack by New FreakOut Malware - by silversurfer - 19 January 21, 18:11

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
NanaZip 6.5 Update (6.5.1767.0)
NanaZip 6.5 Update...harlan4096 — 19:15
Microsoft Edge 150 Adds Google Account S...
Microsoft has adde...harlan4096 — 10:26
Free Download Manager 6.34.2.6926
Changes in 6.34.2....harlan4096 — 09:37
Bitdefender 27.0.60.341
Latest version of ...harlan4096 — 09:34
Microsoft Edge 150.0.4078.48
Version 150.0.4078...harlan4096 — 09:33

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>