Shulou(Shulou.com)05/31 Report--

This article mainly explains "which devices FreakOut mainly infects Linux". Interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let Xiaobian take you to learn "which devices FreakOut mainly infects Linux"!

According to CheckPoint's security report, the newly discovered botnet FreakOut is showing signs of an outbreak, primarily targeting Linux devices with serious software vulnerabilities, such as network attached storage (NAS) devices or Web application developers.

FreakOut primarily infects computing devices running three popular Linux software-TerraMaster, Zend Framework(Laminas Project), and Liferay Portal-to create a botnet that deploys various cyberattacks, including DDoS, and cryptocurrency miners.

What all three software solutions targeted by the FreakOut campaign have in common is that they all have large user bases, older versions have serious vulnerabilities, and proof-of-concept code for all exploits is readily available and easy to find.

Zend Framework is a professional collection of PHP packages downloaded and installed over 570 million times, and version 3.0.0 of Zend Framework contains a critical vulnerability (CVE-2021-3007) that can be exploited to enable remote code execution.

Liferay Portal is a platform for Java developers to develop services, user interfaces, custom applications, or deploy applications. 7.2.1 A previous open source version of Community Edition has a critical vulnerability (CVE-2020-7961) that allows remote arbitrary code execution.

TerraMaster is the operating system on which NAS devices of the same name run. 4.2.06 A remote command execution error (CVE-2020-28188, a high-risk vulnerability) exists in versions and earlier that allow full control of the device.

Infected Linux devices are joined into a botnet to carry out various cyber attacks. Botnet controllers can also use infected devices to mine cryptocurrency, spread laterally across corporate networks, or attack other targets while posing as infected companies.

According to the report, FreakOut's infection chain began with the exploitation of the three critical vulnerabilities mentioned above, followed by the uploading of Python scripts (out.py) on infected computers.

The attacker attempted to run the script using Python 2, which is due to die in 2020. CheckPoint pointed out that if the infected computer is outdated and Python 2 is installed, it will become prey for attackers.

At this point, I believe everyone has a deeper understanding of "which devices FreakOut mainly infects Linux," so let's actually operate it! Here is the website, more related content can enter the relevant channels for inquiry, pay attention to us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.