Security News > 2022 > November > Updated RapperBot malware targets game servers in DDoS attacks
The Mirai-based botnet 'RapperBot' has re-emerged via a new campaign that infects IoT devices for DDoS attacks against game servers.
The malware was discovered by Fortinet researchers last August when it used SSH brute-forcing to spread on Linux servers.
The motivation of the current campaign is more apparent, as the DoS commands in the latest variant are tailored for attacks against servers hosting online games.
The malware tries to brute force devices using common weak credentials from a hardcoded list, whereas previously, it fetched a list from the C2. "To optimize brute forcing efforts, the malware compares the server prompt upon connection to a hardcoded list of strings to identify the possible device and then only tries the known credentials for that device," explains Fortinet.
"Unlike less sophisticated IoT malware, this allows the malware to avoid trying to test a full list of credentials."
Based on the HTTP DoS methods, the malware appears to be specialized in launching attacks against game servers.
News URL
Related news
- Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Over 3 million mail servers without encryption exposed to sniffing attacks (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)