Voyager18 (research)

FritzFrog Returns: Leveraging Log4Shell and PwnKit Exploits

The FritzFrog botnet has returned, this time leveraging Log4Shell and PwnKit exploits. Here's what you need to know.

Yair Divinsky | February 04, 2024

In a recent cyber security revelation, the notorious FritzFrog peer-to-peer (P2P) botnet has resurfaced with a sophisticated variant, employing Log4Shell and PwnKit exploits. This resurgence poses a severe threat to networks, as the malware now leverages Log4Shell as a secondary infection vector to infiltrate internal systems within compromised networks.

Let’s delve into the specifics of CVE-2024-22768, CVE-2024-22772, and CVE-2024-23842:

What are CVE-2024-22768, CVE-2024-22772, and CVE-2024-23842?

FritzFrog’s latest variant exploits multiple vulnerabilities, including CVE-2024-22768, CVE-2024-22772, and CVE-2024-23842. CVE-2024-22768 is a security flaw impacting DVR device models from Hitron Systems, while CVE-2024-22772 and CVE-2024-23842 also target vulnerabilities in these devices. These flaws create opportunities for the malware to infiltrate and compromise affected systems.



Do they affect me?

If your network includes DVR device models from Hitron Systems, it may be vulnerable to the exploits associated with CVE-2024-22768, CVE-2024-22772, and CVE-2024-23842. Organizations utilizing such devices should assess their infrastructure’s susceptibility to these vulnerabilities and take necessary precautions to safeguard against potential attacks.

Have the CVEs been actively exploited in the wild?

The disclosed information does not indicate active exploitation of CVE-2024-22768, CVE-2024-22772, and CVE-2024-23842 by FritzFrog. However, the dynamic nature of cyber threats necessitates ongoing vigilance. Continuous monitoring of security advisories and updates is crucial to stay ahead of potential exploits that could emerge in the wild.

How to fix CVE-2024-22768, CVE-2024-22772, and CVE-2024-23842

To mitigate the risks associated with these vulnerabilities, organizations are advised to promptly apply the patches released by Hitron Systems. Regularly check for firmware updates and security advisories from the device manufacturer. Additionally, network administrators should reinforce cyber security measures, including implementing access controls, monitoring for suspicious activities, and conducting regular security audits.

Next steps 

Each new vulnerability is a reminder of where we stand and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: 

  1. 2023 Vulnerability watch reports 
  2. MITRE ATTACK framework – Mapping techniques to CVEs  
  3. The true impact of exploitable vulnerabilities for 2024
  4. Multi-cloud security challenges – a best practice guide
  5. How to properly tackle zero-day threats

Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

"Idea for an overwhelmed secops/security team".

Name Namerson
Head of Cyber Security Strategy