Cybersecurity researchers from Guardicore Labs have discovered a new multi-functional peer-to-peer (P2P) botnet, written in the Golang programming language, that has been actively targeting SSH servers since January 2020. Named “FritzFrog,” this modular, multi-threaded and fileless botnet has successfully breached over 500 servers so far, including well-known universities in the US and Europe and a railway company, according to Guardicore. In addition to implementing a P2P protocol written from scratch, the malware communicates over an encrypted channel and creates a backdoor on victims’ systems for continued access by the attackers. Although Golang-based botnets have been observed before, FritzFrog is unique in three respects: it is fileless, meaning that it assembles and executes payloads in memory; it is more aggressive in carrying out brute-force attacks; and it is efficient, distributing the targets evenly within the botnet.
By Anthony Zampino

Introduction

Leading up to the most recent Russian invasion of Ukraine in