FreakOut Botnet Targeting Linux Systems
The era of attacks on the Linux platform is nigh. Nefarious ne'er-do-wells have realized Linux is powering enterprise businesses, and they're cashing in on that reality, this time with a botnet capable of launching DDoS attacks, ARP poisoning, hidden crypto-mining, brute-force attacks, and more.
The FreakOut botnet was first discovered in November of 2020, but resurfaced this month. The current targets of the botnet are TerraMaster data storage units, web applications built with the Zend PHP Framework, and Liferay Portal CMS websites. However, according to Check Point, FreakBot is currently mass-scanning the internet for vulnerable applications and employing exploits to gain control of the underlying Linux system via the following vulnerabilities:
- CVE-2020-28188 - RCE in TerraMaster management panel.
- CVE-2021-3007 - Zend Framework bug.
- CVE-2020-7961 - Liferay Portal bug.
Once FreakOut has gained access to the system, it downloads a Python script that connects the infected system to a remote IRC channel, so the attacker can send attack commands that can gather information from the system, create and send UDP/TCP packets, execute telnet brute-force attacks, run port scans, execute ARP poisoning attacks on the connected LAN, kill local processes, and more.
To prevent FreakOut from attacking your Linux systems, it's crucial to make sure they are always up to date, so run those upgrades regularly.