Adware.Linux.FRS.R002C0DJU24

This Adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It requires being executed with a specific argument/parameter, an additional component, or in a specific environment in order to proceed with its intended routine.

Arrival Details

This Adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Other Details

This Adware does the following:

• It uses the following version of FRP Client:
  • FRP Client v0.3
• It requires the following component file to proceed with its intended routine:
  • {Grayware Path}/frpc.ini

It accepts the following parameters:

• Command:
  • help → Help about any command
  • http → Run frpc with a single http proxy
  • https → Run frpc with a single https proxy
  • reload → Hot-Reload frpc configuration
  • status → Overview of all proxies status
  • stcp → Run frpc with a single stcp proxy
  • sudp → Run frpc with a single sudp proxy
  • tcp → Run frpc with a single tcp proxy
  • tcpmux → Run frpc with a single tcpmux proxy
  • udp → Run frpc with a single udp proxy
  • verify → Verify that the configures is valid
  • xtcp → Run frpc with a single xtcp proxy
• Flags:
  • -c | --config {string} → config file of frpc (default "./frpc.ini")
  • -h | --help → help for frpc
  • -v | --version → version of frpc
  • --config-dir {directory} → config directory, run one frpc service for each file in config directory

It requires being executed with a specific argument/parameter, an additional component, or in a specific environment in order to proceed with its intended routine.