RapperBot DDoS malware adds cryptojacking as new revenue stream
2023-05-10 23:00

New samples of the RapperBot botnet malware have added cryptojacking capabilities to mine for cryptocurrency on compromised Intel x64 machines.

Researchers at Fortinet's FortiGuard Labs have been tracking RapperBot activity since June 2022 and reported that the Mirai-based botnet focused on brute-forcing Linux SSH servers to recruit them for launching distributed denial-of-service attacks.

In November, the researchers found an updated version of RapperBot that used a Telnet self-propagation mechanism and included DoS commands that were better suited for attacks on gaming servers.

The miner's code is now integrated into RapperBot, obfuscated with double-layer XOR encoding, which effectively hides the mining pools and Monero mining addresses from analysts.

If the C2 goes offline, RapperBot is configured to use a public mining pool.

To maximize mining performance, the malware enumerates running processes on the breached system and terminates those corresponding to competitor miners.


News URL

https://www.bleepingcomputer.com/news/security/rapperbot-ddos-malware-adds-cryptojacking-as-new-revenue-stream/