A fearsome new botnet is rapidly gaining momentum

jim bell jdb10987 at yahoo.com
Sun Aug 7 01:09:21 PDT 2022


 A fearsome new botnet is rapidly gaining momentum 
https://share.newsbreak.com/1juxwgz5

An old, infamous trojan has been forked, with the new variant being used to attack Linux SSH servers, experts have warned.

However, unlike the original malware, whose purpose was quite clear, researchers are not yet sure what the operators are up to this time around.

Cybersecurity researchers from Fortinet detected IoT malware with unusual SSH-related strings, and after digging a bit deeper, discovered RapperBot, a variant of the dreaded Mirai trojan.

Access for sale?

RapperBot was first deployed in mid-June 2022, and is being used to brute-force into Linux SSH servers and gain persistence on the endpoints.

RapperBot borrows quite a lot from Mirai, but it does have its own command and control (C2) protocol, as well as certain unique features.

But unlike Mirai, whose goal was to spread to as many devices as possible, and then use those devices to mount devastating Distributed Denial of Service (DDoS) attacks, RapperBot is spreading with more control, and has limited (sometimes even completely disabled) DDoS capabilities.

The researchers’ first impression is that the malware might be used for lateral movement within a target network, and as the first stage in a multi-stage attack. It could also be used simply to gain access to the target devices, access which could later be sold on the black market. The researchers came to this conclusion, among other things, due to the fact that the trojan sits idly once it compromises a device.