Re: A fearsome new botnet is rapidly gaining momentum

2022-08-07 Thread Mike Hunt
Thanks Gym

Sent from duckduckgo anonymous email

--- Original Message ---
On Sunday, August 7th, 2022 at 1:09 AM, jim bell wrote:

> A fearsome new botnet is rapidly gaining momentum
> https://share.newsbreak.com/1juxwgz5
>
> An old, infamous trojan has been forked, with the new variant being used to 
> attack Linux SSH 
> [servers](https://www.techradar.com/news/best-small-business-servers), 
> experts have warned.
>
> However, unlike the original 
> [malware](https://www.techradar.com/best/best-malware-removal), whose purpose 
> was quite clear, researchers are not yet sure what the operators are up to 
> this time around.
>
> Cybersecurity researchers from Fortinet detected IoT malware with unusual 
> SSH-related strings, and after digging a bit deeper, discovered RapperBot, a 
> variant of the dreaded [Mirai 
> trojan](https://www.techradar.com/news/mirai-botnet-now-targeting-critical-flaw-in-thousands-of-routers).
>
> Access for sale?
>
> RapperBot was first deployed in mid-June 2022, and is being used to 
> brute-force into [Linux](https://www.techradar.com/best/best-linux-distros) 
> SSH servers and gain persistence on the endpoints.
>
> RapperBot borrows quite a lot from Mirai, but it does have its own command 
> and control (C2) protocol, as well as certain unique features.
>
> But unlike Mirai, whose goal was to spread to as many devices as possible, 
> and then use those devices to mount devastating Distributed Denial of Service 
> (DDoS) attacks, RapperBot is spreading with more control, and has limited 
> (sometimes even completely disabled) DDoS capabilities.
>
> The researchers’ first impression is that the malware might be used for 
> lateral movement within a target network, and as the first stage in a 
> multi-stage attack. It could also be used simply to gain access to the target 
> devices, access which could later be sold on the black market. The 
> researchers came to this conclusion, among other things, due to the fact that 
> the trojan sits idly once it compromises a device.

A fearsome new botnet is rapidly gaining momentum

2022-08-07 Thread jim bell
A fearsome new botnet is rapidly gaining momentum
https://share.newsbreak.com/1juxwgz5

An old, infamous trojan has been forked, with the new variant being used to 
attack Linux SSH servers, experts have warned.

However, unlike the original malware, whose purpose was quite clear, 
researchers are not yet sure what the operators are up to this time around.

Cybersecurity researchers from Fortinet detected IoT malware with unusual 
SSH-related strings, and after digging a bit deeper, discovered RapperBot, a 
variant of the dreaded Mirai trojan.

Access for sale?

RapperBot was first deployed in mid-June 2022, and is being used to brute-force 
into Linux SSH servers and gain persistence on the endpoints.

RapperBot borrows quite a lot from Mirai, but it does have its own command and 
control (C2) protocol, as well as certain unique features.

But unlike Mirai, whose goal was to spread to as many devices as possible, and 
then use those devices to mount devastating Distributed Denial of Service 
(DDoS) attacks, RapperBot is spreading with more control, and has limited 
(sometimes even completely disabled) DDoS capabilities.

The researchers’ first impression is that the malware might be used for lateral 
movement within a target network, and as the first stage in a multi-stage 
attack. It could also be used simply to gain access to the target devices, 
access which could later be sold on the black market. The researchers came to 
this conclusion, among other things, due to the fact that the trojan sits idly 
once it compromises a device.