Security News > 2022 > August > New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack
"This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai," Fortinet FortiGuard Labs said in a report.
The malware, which gets its name from an embedded URL to a YouTube rap music video in an earlier version, is said to have amassed a growing collection of compromised SSH servers, with over 3,500 unique IP addresses used to scan and brute-force their way into the servers.
"Since mid-July, RapperBot has switched from self-propagation to maintaining remote access into the brute-forced SSH servers," the researchers said.
"This presents a threat to compromised SSH servers as threat actors can access them even after SSH credentials have been changed or SSH password authentication is disabled," the researchers explained.
"Moreover, since the file is replaced, all existing authorized keys are deleted, which prevents legitimate users from accessing the SSH server via public key authentication."
What's clear is that SSH servers with default or guessable credentials are being corralled into a botnet for some unspecified future purpose.
News URL
https://thehackernews.com/2022/08/new-iot-rapperbot-malware-targeting.html
Related news
- Interpol's latest cybercrime intervention dismantles ransomware, banking malware servers (source)
- Microsoft is bringing the Linux sudo command to Windows Server (source)
- CISA: Roundcube email server bug now exploited in attacks (source)
- Bumblebee malware attacks are back after 4-month break (source)
- Bumblebee malware wakes from hibernation, forgets what year it is, attacks with macros (source)
- Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks (source)
- New Migo Malware Targeting Redis Servers for Cryptocurrency Mining (source)
- New Migo malware disables protection features on Redis servers (source)
- New SSH-Snake malware steals SSH keys to spread across the network (source)
- Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks (source)