Security researchers report on a new malware that targets poorly configured machines to tie them into a botnet, which can then be used for nefarious purposes.The malware variant, named FreakOut, specifically targets Linux devices that run unpatched versions of certain software.
FreakOut first targets Linux devices with specific products that have not been patched against some known flaws.
These include a remote command execution (RCE) flaw in the TerraMaster Operating System that powers TerraMaster NAS devices, a deserialization glitch in the Zend PHP Framework, and a deserialization of untrusted data issue in the Liferay Portal content management system.
The malware is scanning the Internet for machines that are still running the unpatched version of these software, which it then exploits to gain access to the underlying Linux host.On sucessful exploitation, machine can be used as a remote controlled platform expanding the network of infected machine connecting with C&C . 186 such instances connected during investigation
Applying already available security patches is all that’s required to mitigate the attack. “Such attack campaigns highlight the importance of taking sufficient precautions and updating your security protections on a regular basis,” conclude the researchers.