Security News > 2022 > November > Updated RapperBot malware targets game servers in DDoS attacks
The Mirai-based botnet 'RapperBot' has re-emerged via a new campaign that infects IoT devices for DDoS attacks against game servers.
The malware was discovered by Fortinet researchers last August when it used SSH brute-forcing to spread on Linux servers.
The motivation of the current campaign is more apparent, as the DoS commands in the latest variant are tailored for attacks against servers hosting online games.
The malware tries to brute force devices using common weak credentials from a hardcoded list, whereas previously, it fetched a list from the C2. "To optimize brute forcing efforts, the malware compares the server prompt upon connection to a hardcoded list of strings to identify the possible device and then only tries the known credentials for that device," explains Fortinet.
"Unlike less sophisticated IoT malware, this allows the malware to avoid trying to test a full list of credentials."
Based on the HTTP DoS methods, the malware appears to be specialized in launching attacks against game servers.
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)