No operating system is free from some kind of cyber threat or attack. However, we tend to think that there are some that are safer than others and that, therefore, we are not in any danger. The truth is that hackers tend to attack what has more users. In this article we echo FreakOut , a new malware that takes advantage of critical vulnerabilities in Linux.
FreakOut, the malware that puts Linux in check
The FreakOut malware is part of a campaign that targets Linux devices running software with certain critical vulnerabilities that are present on NAS computers. The objective of this attack is to compromise computers that have vulnerable versions of the popular TerraMaster , Zend Framework or Liferay Portal operating system.
This problem has been discovered by Check Point Research . These attacks have the mission of creating an IRC botnet. It is a set of computers infected with malware that can be controlled remotely through an IRC channel and thus be able to execute malicious commands.
This botnet is later used to carry out DDoS attacks on the networks of other organizations, mine cryptocurrencies or control the shutdown of other computers. As we have mentioned, this is all directed against Linux systems.
But this malware has many more capabilities. It also allows to perform a port scan, collect information, create and send data packets, track networks …
It affects TerraMaster, which is a popular storage device (NAS) provider, Zend Framework, which is a collection of library packages and is used to build web applications, and Liferay Portal, a free and open source enterprise portal that allows to develop web portals.
In the first case, the vulnerability that affects TerraMaster was registered as CVE-2020-28188 and affects versions 4.2.06 and later and would allow complete control of the device. The second one, the one affecting the Zend Framework, is CVE-2021-3007 and could be exploited for remote code execution. It affects version 3.0.0. Lastly, the third vulnerability was registered as CVE-2020-7961 . In this case it affects versions prior to 7.2.1.
Affects unpatched Linux systems
As we have indicated, the FreakOut malware affects Linux operating systems. Specifically, it affects those that are not correctly updated and with all the corresponding patches installed.
Among all the countries where the problem has been detected, we can mention Spain. Specifically, where it has affected the most has been in North America and Western Europe.
To protect ourselves from this problem, the main thing is to check that we have our systems correctly updated and with all the patches. This is something that can help us avoid many problems of this type, since there are often vulnerabilities that can be exploited by hackers.
Therefore, a first step is to verify and patch the Linux servers and devices. It is also interesting to use intrusion prevention systems, to avoid attempts to take advantage of system failures, as well as to use a good updated antivirus.
In short, FreakOut is a malware that can compromise the security of Linux systems. It is essential that we keep them updated, with everything necessary to keep them running smoothly. We leave you a list of Linux distributions for ethical hacking.