A researcher at security firm Check Point has found a new multi-platform malware called “FreakOut” that targets Linux systems and has the potential to ensnare routers and IoT devices. FreakOut uses several methods to spread, including brute-forcing SSH credentials, exploiting known vulnerabilities like the recent Zerologon flaw, and infecting a critical VMware product. Once infecting a device, FreakOut can also generate botnets, carry out distributed denial-of-service (DDoS) attacks, and mine cryptocurrency.
The malware has been active since June 2020 and has already compromised thousands of devices. Check Point believes that the actor behind it is a long-time hacker who has forged relationships with other attackers and cybercrime groups in the past. This theory is based on the fact that FreakOut uses the same command-and-control server as other malware, detected by Check Point, and belongs to the same actors.
“FreakOut is one of the more complex malware we’ve seen in recent years, using numerous advanced techniques to spread, conceal itself, and threaten both cloud and on-premises systems,” said Lotem Finkelsteen, Check Point’s Head of Threat Intelligence. Check Point has alerted affected organizations to prevent further attacks and recommends updating their systems, implementing security patches, and regularly changing passwords.
