A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

Fileless P2P Botnet Malware

Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020.

Called “FritzFrog,” the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according to a report released by Guardicore Labs today.

“With its decentralized infrastructure, it distributes control among all its nodes,” Guardicore’s Ophir Harpaz said. “In this network with no single point-of-failure, peers constantly communicate with each other to keep the network alive, resilient and up-to-date.”


In addition to implementing a proprietary P2P protocol that’s been written from scratch, the communications are done over an encrypted channel, with the malware capable of creating a backdoor on victim systems that grants continued access for the attackers.

A Fileless P2P Botnet

Although GoLang based botnets have been observed before, such as Gandalf and GoBrut, FritzFrog appears to share some similarities with Rakos, another Golang-based Linux backdoor that was previously found…


Have a comment? Type it below!