Security News > 2022 > November > Updated RapperBot malware targets game servers in DDoS attacks
The Mirai-based botnet 'RapperBot' has re-emerged via a new campaign that infects IoT devices for DDoS attacks against game servers.
The malware was discovered by Fortinet researchers last August when it used SSH brute-forcing to spread on Linux servers.
The motivation of the current campaign is more apparent, as the DoS commands in the latest variant are tailored for attacks against servers hosting online games.
The malware tries to brute force devices using common weak credentials from a hardcoded list, whereas previously, it fetched a list from the C2. "To optimize brute forcing efforts, the malware compares the server prompt upon connection to a hardcoded list of strings to identify the possible device and then only tries the known credentials for that device," explains Fortinet.
"Unlike less sophisticated IoT malware, this allows the malware to avoid trying to test a full list of credentials."
Based on the HTTP DoS methods, the malware appears to be specialized in launching attacks against game servers.
News URL
Related news
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers (source)
- DDoS Attacks Now Key Weapons in Geopolitical Conflicts, NETSCOUT Warns (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- Police detains Smokeloader malware customers, seizes servers (source)
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks (source)
- Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader (source)
- New Android malware steals your credit cards for NFC relay attacks (source)