Friday, March 29, 2024
RapperBot botnet combines DDoS and cryptojacking: new versions target IoT devices

The botnet turns your Linux machine into a Monero mine.

New RapperBot botnet samples have added cryptojacking capabilities for mining cryptocurrency on compromised Intel x64 machines.

The change happened gradually: the developers first added the cryptomining component separately from the malware, and by the end of January the botnet and cryptomining functions had been combined into a single binary.

Researchers at Fortinet's FortiGuard Labs have been tracking RapperBot activity since June 2022 and report that the updated version of RapperBot uses the XMRig Monero miner on the Intel x64 architecture. The information security company reports that this campaign has been active since January and is primarily aimed at IoT devices.

The miner code is now integrated into RapperBot and obfuscated with two-layer XOR encoding that effectively hides the mining pools and Monero mining addresses from analysts.

FortiGuard Labs discovered that the bot gets its mining configuration from a command and control (C2) server instead of using hardcoded static pool addresses, and that it uses multiple pools and wallets as backups.

To maximize mining performance, the malware enumerates the running processes on the compromised system and kills processes associated with other competing miners.

Although the researchers did not find any DDoS commands sent from the C2 servers to the analyzed samples, they found that the latest version of the bot supports the following commands:

  • Perform DDoS attacks (UDP, TCP and HTTP GET);
  • Stop DDoS attacks;
  • Shut itself down (along with any child processes).

RapperBot seems to be evolving rapidly and expanding its list of features to maximize operator profits.

To protect devices from RapperBot and similar malware, users are advised to update software, disable unnecessary services, change default passwords to stronger ones, and use firewalls to block unauthorized requests.

Earlier in 2022, information security specialists from Fortinet FortiGuard Labs reported discovering new samples of RapperBot, which were used to create a botnet capable of launching DDoS attacks on game servers. It is worth noting that it was Fortinet experts who were the first to spot the malware in 2022. At that time it was geared solely toward brute-forcing Linux SSH servers.



Source link

www.securitylab.ru
