Akamai provided details about a new variant of the FritzFrog botnet, which abuses the 2021 Log4Shell vulnerability CVE-2021-44228 (10.0 critical). The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible. The malware also now also includes a module to exploit CVE-2021-4034, a privilege escalation in the polkit Linux component. This module enables the malware to run as root on vulnerable servers. IOC provided.
🔗 https://www.akamai.com/blog/security-research/2024/feb/fritzfrog-botnet-new-capabilities-log4shell
🚨 #FritzFrog botnet returns, using #Log4Shell, memory-resident payloads, and PwnKit to exploit unpatched INTERNAL systems. Employing new tactics to stay hidden and evade detection.