Sophisticated cryptojacking malware targets banking and education

A new form of cryptojacking malware has been identified for the first time, described as the work of “highly professional software developers.”

According to reports from cybersecurity research firm Guardicore Labs, the FritzFrog malware botnet is highly sophisticated, and has already infected tens of millions of IP addresses worldwide.

The bot has mainly been targeting banks, educational institutions, medical institutions and government agencies, with the report finding that the malware had already compromised “over 500 SSH servers, including those of known high-education institutions in the U.S. and Europe, and a railway company.”

FritzFrog uses brute-force attacks to gain access to servers, before running XMRig mining software. This in turn uses the hacked organization’s resources to mine for privacy coin Monero, which delivers the hackers their pay day.

According to the report, FritzFrog appears unique among cryptojacking malwares in that it is hidden within P2P networks, which makes it much more difficult to identify.

“Unlike other P2P botnets, FritzFrog combines a set of properties that makes it unique: it is fileless, as it assembles and executes payloads in-memory. It is more aggressive in its brute-force attempts, yet stays efficient by distributing targets evenly within the network.”

The report also noted that the “p2p implementation was written from scratch,” suggesting it was the work of “highly professional software developers.”

The malware is the latest malicious crypto mining script to be discovered, at a time when this method of hacking is on the rise. Servers and networks across the world are being compromised by these types of attacks on a daily basis, with hackers illegitimately harvesting resources to power their Monero mining operations.

It follows on from a series of similar attacks earlier this year, which saw cryptojacking attempts on supercomputers at similar institutions. The malware brought a number of these supercomputers offline at the time, in some cases impacting their work towards research into COVID-19.