Over the past few weeks, a Mirai variant appears to have made a pivot from infecting new servers to maintaining remote access.
Tracked by analysts since mid-June, RapperBot malware has spread through brute-force attacks on SSH servers. The IoT botnet targets devices running on ARM, MIPS, SCARC, and x86 architectures, researchers warn.
The malware is a Mirai variant with a few notable, novel features, including ditching the typical Telnet server brute-force approach in favor of attacking SSH servers instead. Fortinet Labs analysts said that since July, RapperBot has changed up its approach from infecting as many servers as possible to maintaining remote access to those compromised SSH servers.
The malware gets its name from a URL that led to a YouTube rap video in early versions, the researchers explained.
"Due to some significant and curious changes that RapperBot has undergone, its primary motivation is still a bit of a mystery," the Fortinet advisory on RapperBot said. "Regardless, since its primary propagation method is brute forcing SSH credentials, this threat can easily be mitigated by setting strong passwords for devices or disabling password authentication for SSH (where possible)."
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024