According to researchers at Check Point, the malware exploits recently disclosed vulnerabilities in NAS (network-attached storage) devices running on Linux, enlisting the machines in an IRC botnet used for crypto-mining and for launching distributed denial-of-service (DDoS) attacks.
The goal of these attacks is to create an IRC botnet (a set of machines infected with the malware and controlled remotely), which can then be used for any malicious activity, such as launching DDoS attacks on targeted organizations’ networks.
How Does the FreakOut Malware Exploit Vulnerabilities in Linux Systems?
The FreakOut attacks are specifically aimed at Linux systems that run any of the products listed below. All of these products suffer from the new vulnerabilities, which the malware exploits on installations that have not yet been patched.
Review the affected products and their versions to know which to patch now to block the new “FreakOut” malware that is exploiting the vulnerabilities.
- Zend Framework: a very popular collection of library packages for building web applications
- Liferay Portal: an open-source enterprise portal that offers features for developing web portals and sites
- TerraMaster Operating System (TOS): the operating system from TerraMaster, a popular vendor of storage devices
Once a device is infected by the FreakOut malware, it can be used as a remote-controlled attack platform to target other vulnerable devices and expand the attackers’ network of infected machines.
The malware’s capabilities include information gathering, port scanning, creation and sending of data packets, network sniffing, and launching of DDoS and network-flooding attacks.
The FreakOut attack exploits the following CVEs: CVE-2020-28188 (TerraMaster TOS), CVE-2021-3007 (Zend Framework) and CVE-2020-7961 (Liferay Portal). Patches are available for all the affected products, so users of these products are advised to check for updates and patch their devices to close the vulnerabilities.