Security News > 2022 > November > Updated RapperBot malware targets game servers in DDoS attacks
The Mirai-based botnet 'RapperBot' has re-emerged via a new campaign that infects IoT devices for DDoS attacks against game servers.
The malware was discovered by Fortinet researchers last August when it used SSH brute-forcing to spread on Linux servers.
The motivation of the current campaign is more apparent, as the DoS commands in the latest variant are tailored for attacks against servers hosting online games.
The malware tries to brute force devices using common weak credentials from a hardcoded list, whereas previously, it fetched a list from the C2. "To optimize brute forcing efforts, the malware compares the server prompt upon connection to a hardcoded list of strings to identify the possible device and then only tries the known credentials for that device," explains Fortinet.
"Unlike less sophisticated IoT malware, this allows the malware to avoid trying to test a full list of credentials."
Based on the HTTP DoS methods, the malware appears to be specialized in launching attacks against game servers.
News URL
Related news
- New Eleven11bot botnet infects 86,000 devices for DDoS attacks (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers (source)
- DDoS Attacks Now Key Weapons in Geopolitical Conflicts, NETSCOUT Warns (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)