Thanks Gym

Sent from duckduckgo anonymous email
------- Original Message -------
On Sunday, August 7th, 2022 at 1:09 AM, jim bell <[email protected]> wrote:

> A fearsome new botnet is rapidly gaining momentum
> https://share.newsbreak.com/1juxwgz5
>
> An old, infamous trojan has been forked, with the new variant being used to attack Linux SSH [servers](https://www.techradar.com/news/best-small-business-servers), experts have warned.
>
> However, unlike the original [malware](https://www.techradar.com/best/best-malware-removal), whose purpose was quite clear, researchers are not yet sure what the operators are up to this time around.
>
> Cybersecurity researchers from Fortinet detected IoT malware with unusual SSH-related strings, and after digging a bit deeper, discovered RapperBot, a variant of the dreaded [Mirai trojan](https://www.techradar.com/news/mirai-botnet-now-targeting-critical-flaw-in-thousands-of-routers).
>
> Access for sale?
>
> RapperBot was first deployed in mid-June 2022, and is being used to brute-force into [Linux](https://www.techradar.com/best/best-linux-distros) SSH servers and gain persistence on the endpoints.
>
> RapperBot borrows quite a lot from Mirai, but it does have its own command and control (C2) protocol, as well as certain unique features.
>
> But unlike Mirai, whose goal was to spread to as many devices as possible, and then use those devices to mount devastating Distributed Denial of Service (DDoS) attacks, RapperBot is spreading with more control, and has limited (sometimes even completely disabled) DDoS capabilities.
>
> The researchers’ first impression is that the malware might be used for lateral movement within a target network, and as the first stage in a multi-stage attack. It could be also used simply to gain access to the target devices, access which could later be sold on the black market. The researchers came to this conclusion, among other things, due to the fact that the trojan sits idly, once it compromises a device.
