
A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022.

“This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai,” Fortinet FortiGuard Labs said in a report.

The malware, which gets its name from an embedded URL to a YouTube rap music video in an earlier version, is said to have amassed a growing collection of compromised SSH servers, with over 3,500 unique IP addresses used to scan and brute-force their way into the servers.

RapperBot’s current implementation also sets it apart from Mirai: it functions primarily as an SSH brute-force tool, with limited capabilities to carry out distributed denial-of-service (DDoS) attacks.

The deviation from traditional Mirai behaviour is further evidenced in its attempt to establish persistence on the compromised host, which effectively lets the threat actor maintain access long after the malware has been removed or the device has been rebooted.
