FreakOut malware targets Linux users by exploiting multiple vulnerabilities
Linux-based systems are generally touted for their high levels of security, but this does not mean that they are completely immune to threats. Illustrating this, security firm Check Point Software has shared details of a series of attacks based on the FreakOut malware.
The company says that the aim of the malware appears to be the creation of an IRC botnet which could be used to launch DDoS attacks, run crypto miners, and more. Linux users running certain products are being warned to get their systems patched as soon as possible to avoid problems.
Three specific products have vulnerabilities that are at risk of being exploited: TerraMaster TOS (used in storage devices), the Zend Framework library collection, and Liferay Portal. Any device infected with FreakOut malware can be remotely controlled by an attacker and used to spread to other devices.
There are three separate vulnerabilities at play here -- CVE-2020-28188 (released 28/12/20) in TerraMaster TOS; CVE-2021-3007 (released 3/1/21) in Zend Framework; and CVE-2020-7961 (released 20/03/20) in Liferay Portal. FreakOut activity has been detected around the world, but the US is currently the most heavily hit. The malware has affected numerous sectors, with government, finance and military being targeted the most.
Check Point Research explains:
If successfully exploited, each device infected by the FreakOut malware can be used as a remote-controlled attack platform by the threat actors behind the attack, enabling them to target other vulnerable devices to expand their network of infected machines. The FreakOut malware’s capabilities include port scanning, information gathering, creation and sending of data packets, network sniffing, and the capability to launch DDoS and network flooding attacks.
As there are patches available or in the works for all three of the vulnerabilities affecting the various products, anyone using such devices or systems is advised to update their software as soon as possible. TerraMaster version 4.2.07 will include the fixes, and Liferay Portal users should upgrade to Liferay Portal 7.2 CE GA2 (7.2.1) or later. While the Zend Framework is no longer supported, users should upgrade to the laminas-http vendor's 2.14.x bugfix release (patch).
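The practical follow-up to the patch advice above is an inventory check: which of your hosts are still below the versions named in the article? The script below is an added example written for this page, not code from Check Point or from any of the three vendors. The version floors (TerraMaster TOS 4.2.07, Liferay Portal 7.2.1, laminas-http 2.14.x) come from the text; the inventory records and the composer.lock fragment are constructed sample data, and treating 2.14.0 as the laminas-http floor is an assumption derived from "2.14.x".

```python
"""Audit constructed inventory records against the minimum fixed versions
named in the article. Added example; not vendor or Check Point code."""
import json
import re

# Minimum versions the article describes as carrying the fixes.
# laminas-http: the article says "2.14.x", so 2.14.0 is assumed as the floor.
FIXED_VERSIONS = {
    "terramaster-tos": "4.2.07",
    "liferay-portal": "7.2.1",
    "laminas/laminas-http": "2.14.0",
}


def parse_version(text):
    """Turn strings like '4.2.07', '7.2.1-ga2' or 'v2.14.3' into a tuple of ints.
    Leading zeros are read numerically, so 4.2.07 compares equal to 4.2.7;
    anything after the numeric core (build tags, suffixes) is ignored."""
    match = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def compare(a, b):
    """Three-way compare of version tuples; shorter tuples are zero-padded
    so that 2.14 and 2.14.0 are equal."""
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def is_patched(product, installed):
    """True when the installed version is at or above the fix floor."""
    floor = FIXED_VERSIONS[product]
    return compare(parse_version(installed), parse_version(floor)) >= 0


def laminas_http_from_lock(lock_text):
    """Return the pinned laminas/laminas-http version from composer.lock JSON,
    or None when the package is not present (i.e. nothing to patch)."""
    data = json.loads(lock_text)
    for pkg in data.get("packages", []) + data.get("packages-dev", []):
        if pkg.get("name") == "laminas/laminas-http":
            return pkg.get("version")
    return None


def audit(inventory):
    """inventory: iterable of (host, product, version) records.
    Returns the hosts still below the fix floor, in input order."""
    return [host for host, product, version in inventory
            if not is_patched(product, version)]


# Constructed sample data: hostnames and versions invented for this example.
SAMPLE_INVENTORY = [
    ("nas-01", "terramaster-tos", "4.2.06"),
    ("nas-02", "terramaster-tos", "4.2.07"),
    ("portal-a", "liferay-portal", "7.2.0"),
    ("portal-b", "liferay-portal", "7.3.2-ga3"),
    ("php-app", "laminas/laminas-http", "v2.13.1"),
]
SAMPLE_LOCK = json.dumps({
    "packages": [{"name": "laminas/laminas-http", "version": "2.13.1"}],
    "packages-dev": [],
})

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: below fix floor, patch required")
    pinned = laminas_http_from_lock(SAMPLE_LOCK)
    if pinned and not is_patched("laminas/laminas-http", pinned):
        print(f"composer.lock pins laminas-http {pinned}: update to 2.14.x")
```

The zero-padding in `compare` matters because vendor version strings are inconsistent (the article itself writes 4.2.07 where a lockfile would write 4.2.7); a naive string comparison would report nas-02 as unpatched. For a real fleet, feed `audit` the output of your asset inventory rather than the constructed list.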
The security advice from Check Point Research is as follows:
- We strongly recommend users check and patch their servers and Linux devices in order to prevent the exploitation of such vulnerabilities by FreakOut.
- Intrusion Prevention Systems (IPS) prevent attempts to exploit weaknesses in vulnerable systems or applications, protecting you in the race to exploit the latest breaking threat. Updated IPS helps your organization stay protected.
- Endpoint protections: Conventional signature-based Anti-Virus is a highly efficient solution for preventing known attacks and should definitely be implemented in any organization, as it protects against a majority of the malware attacks that an organization faces.
- Comprehensive advanced endpoint protection at the highest security level is crucial in order to avoid security breaches and data compromises.