FreakOut malware is a new threat to Linux devices: it adds infected Linux devices to a botnet, enabling them to launch DDoS and crypto-mining attacks.
The latest FreakOut malware has a number of capabilities, including port scanning, information gathering, and packet and network sniffing. It adds infected Linux devices to a botnet and can launch DDoS and network flooding attacks. It can also carry out crypto-mining.
According to Check Point researchers, if cybercriminals used each device infected with FreakOut as a remote-controlled platform, they could target other vulnerable devices and further expand the network of infected machines.
How does FreakOut malware work?
FreakOut initially targets Linux devices running specific products that have not been patched for known vulnerabilities. One is CVE-2020-28188, a critical remote command execution vulnerability in TerraMaster TOS, the operating system of the popular data storage device vendor TerraMaster. The malware targets versions prior to 4.2.06; a patch is already available in version 4.2.07.
Another vulnerability the malware targets is CVE-2021-3007 in Zend Framework, a popular collection of library packages used for building web applications. The attackers are able to exploit Zend Framework 3.0.0 and higher.
The researchers have advised users of Zend Framework and laminas-http to use the 2.14.x bugfix release (patch) for this vulnerability, as the maintainer no longer supports Zend Framework.
Bad actors are also able to exploit CVE-2020-7961 in Liferay Portal, a free open-source enterprise portal with features for developing web portals and websites. Versions prior to 7.2.1 CE GA2 remain vulnerable; an update is available for Liferay Portal 7.2 CE GA2 (7.2.1) and above.
Researchers at Check Point said:
Patches are available for all products impacted in these CVEs, and users of these products are advised to urgently check any of these devices they are using and to update and patch them to close off these vulnerabilities.
According to the researchers, after exploiting one of these critical flaws, the attackers upload an obfuscated Python script called out.py, downloaded from the site https://gxbrowser[.]net.
The script is powerful: it can carry out port scanning, collect system fingerprints, create and send packets, and brute-force other network devices using hard-coded credentials in order to infect them.
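For defenders, the two indicators the article gives (the staging domain gxbrowser[.]net and the script name out.py) can be turned into a simple log check. The following is an added example, not code from the article or from Check Point: it scans constructed proxy log lines for requests to that domain and for downloads of out.py, and lists the internal clients that should be triaged. The log format, timestamps and client addresses are assumptions made for the example.

```python
import re
from typing import Dict, Iterable, List

# Indicators taken from the article. The domain is written defanged there
# (gxbrowser[.]net); the pattern matches both the defanged and the live form
# so the check works on either a report or a raw log.
DOMAIN_RE = re.compile(r"gxbrowser(?:\[\.\]|\.)net", re.IGNORECASE)
# Match "out.py" only as a whole file name, so "layout.py" or "checkout.py"
# do not produce false positives.
SCRIPT_RE = re.compile(r"(?<![\w.-])out\.py\b", re.IGNORECASE)

# Constructed sample proxy log lines (not real traffic):
# <timestamp> <client ip> <method> <url> <status>
SAMPLE_LOGS = [
    "2021-01-20T10:01:02Z 10.0.0.5 GET http://updates.example.com/patch.tar.gz 200",
    "2021-01-20T10:03:14Z 10.0.0.7 GET https://gxbrowser.net/out.py 200",
    "2021-01-20T10:03:20Z 10.0.0.7 GET https://gxbrowser.net/static/lib.js 200",
    "2021-01-20T10:05:44Z 10.0.0.9 GET http://cdn.example.org/layout.py 200",
    "2021-01-20T10:06:01Z 10.0.0.5 GET https://mirror.example.net/checkout.py 200",
]


def find_freakout_indicators(lines: Iterable[str]) -> List[Dict]:
    """Return one finding per log line that touches a FreakOut indicator.

    A request to the staging domain is medium severity on its own; a request
    to the staging domain for out.py (the post-exploitation payload named in
    the article) is rated high because it matches both indicators.
    """
    findings = []
    for lineno, line in enumerate(lines, start=1):
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line; skip rather than guess field positions
        _timestamp, client, _method, url, _status = parts[:5]
        reasons = []
        if DOMAIN_RE.search(url):
            reasons.append("request to staging domain gxbrowser[.]net")
        if SCRIPT_RE.search(url):
            reasons.append("download of out.py")
        if reasons:
            findings.append({
                "line": lineno,
                "client": client,
                "url": url,
                "reasons": reasons,
                "severity": "high" if len(reasons) == 2 else "medium",
            })
    return findings


def clients_to_triage(lines: Iterable[str]) -> List[str]:
    """Distinct internal clients that contacted an indicator, for host triage."""
    return sorted({f["client"] for f in find_freakout_indicators(lines)})


if __name__ == "__main__":
    for finding in find_freakout_indicators(SAMPLE_LOGS):
        print(finding["severity"].upper(), finding["client"], finding["url"], "; ".join(finding["reasons"]))
    print("triage:", clients_to_triage(SAMPLE_LOGS))
```

A host that appears in the triage list after exploitation of one of the three CVEs should be treated as compromised rather than merely exposed, since the article describes out.py as the payload fetched after the initial flaw is exploited.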
How to stay safe from FreakOut malware?
Linux device users running TerraMaster TOS, Zend Framework or Liferay Portal should make sure they have deployed all available patches.
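As an added example (not code from the article or from any of the vendors), the version thresholds the article states for the three products can be checked against a software inventory. The affected ranges below are transcribed from the article as written: TerraMaster TOS prior to 4.2.06, Liferay Portal prior to 7.2.1 CE GA2, and Zend Framework 3.0.0 and higher (where the advised fix is the laminas-http 2.14.x release). The inventory rows, host names and product keys are constructed for the example; confirm the exact fixed versions against each vendor's advisory before relying on the result.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Return the dotted numeric core of a version string as a tuple.

    '4.2.06' -> (4, 2, 6); '7.2.1 CE GA2' -> (7, 2, 1). Tuples compare
    element-wise, so (7, 1, 3) < (7, 2, 1) as expected for version ordering.
    """
    match = re.search(r"\d+(?:\.\d+)*", text)
    if not match:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


# Affected ranges as stated in the article: (CVE, inclusive lower bound,
# exclusive upper bound); None means unbounded on that side.
AFFECTED_RANGES: Dict[str, Tuple[str, Optional[str], Optional[str]]] = {
    "terramaster-tos": ("CVE-2020-28188", None, "4.2.06"),  # prior to 4.2.06
    "liferay-portal": ("CVE-2020-7961", None, "7.2.1"),     # prior to 7.2.1 CE GA2
    "zend-framework": ("CVE-2021-3007", "3.0.0", None),     # 3.0.0 and higher
}


def is_affected(product: str, version: str) -> bool:
    """True if the installed version falls inside the article's affected range."""
    _cve, lower, upper = AFFECTED_RANGES[product]
    installed = parse_version(version)
    if lower is not None and installed < parse_version(lower):
        return False
    if upper is not None and installed >= parse_version(upper):
        return False
    return True


def assess_inventory(inventory: List[Tuple[str, str, str]]) -> List[Dict[str, str]]:
    """Return one finding per (host, product, version) row that is affected.

    Products not named in the article are ignored. A Zend Framework host that
    has already moved to laminas-http 2.14.x would be recorded under a
    different product key in a real inventory and so would not be flagged.
    """
    findings = []
    for host, product, version in inventory:
        if product not in AFFECTED_RANGES:
            continue
        if is_affected(product, version):
            findings.append({
                "host": host,
                "product": product,
                "version": version,
                "cve": AFFECTED_RANGES[product][0],
            })
    return findings


# Constructed inventory rows (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("nas-01", "terramaster-tos", "4.2.05"),
    ("nas-02", "terramaster-tos", "4.2.07"),
    ("portal-01", "liferay-portal", "7.1.3 CE GA4"),
    ("portal-02", "liferay-portal", "7.2.1 CE GA2"),
    ("web-01", "zend-framework", "3.2.0"),
    ("web-02", "zend-framework", "2.5.3"),
    ("web-03", "nginx", "1.18.0"),
]

if __name__ == "__main__":
    for finding in assess_inventory(SAMPLE_INVENTORY):
        print(f"{finding['host']}: {finding['product']} {finding['version']} affected by {finding['cve']}")
```

The check is deliberately conservative in one direction only: a product it does not know about is skipped, not reported as safe, so it should be read as a list of hosts known to need patching rather than a clean bill of health.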