Researchers at FortiGuard Labs reported that an Internet of Things (IoT) botnet malware identified in mid-June has been evolving rapidly.
The current version of the malware, called RapperBot, functions mainly as an SSH brute-force tool with limited ability to execute distributed denial-of-service (DDoS) attacks.
It reportedly uses more than 3,500 unique IP addresses to scan and brute-force its way into SSH servers.
Said the researchers, "RapperBot has switched from self-propagation to maintaining remote access into the brute-forced SSH servers."
The researchers noted that threat actors can access compromised SSH servers "even after SSH credentials have been changed or SSH password authentication is disabled. Moreover, since the file is replaced, all existing authorized keys are deleted, which prevents legitimate users from accessing the SSH server via public key authentication."
The activity indicates that SSH servers are being corralled into a botnet for purposes that are as yet unknown.
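A defensive check for the key replacement the researchers describe, as an added example that is not from the article or from FortiGuard Labs: it compares a trusted baseline of authorized keys with the file currently on disk and flags the case where every known key is gone and an unfamiliar one is present. It assumes the replaced file is the account's OpenSSH `authorized_keys` file and that a baseline copy is stored off-host; all function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a decoded public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def decode_key(key_type: str, b64: str):
    """Return the decoded blob if its header names key_type, else None."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return None
    n = int.from_bytes(blob[:4], "big")
    return blob if blob[4:4 + n] == key_type.encode() else None

def parse_authorized_keys(text: str) -> set:
    """Fingerprints of all keys in an authorized_keys file, skipping options."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type, so test each adjacent pair.
        for key_type, b64 in zip(fields, fields[1:]):
            blob = decode_key(key_type, b64)
            if blob:
                found.add(fingerprint(blob))
                break
    return found

def audit(baseline: str, current: str) -> dict:
    """Compare a trusted baseline copy with the file now on disk."""
    known, now = parse_authorized_keys(baseline), parse_authorized_keys(current)
    missing, unknown = known - now, now - known
    # Every trusted key gone plus a new key: the replacement pattern quoted above.
    replaced = bool(known) and missing == known and bool(unknown)
    return {"missing": sorted(missing), "unknown": sorted(unknown), "replaced": replaced}

def sample_key(seed: bytes, comment: str) -> str:
    """Constructed ssh-ed25519 line for the demo; not a real key."""
    t = b"ssh-ed25519"
    blob = len(t).to_bytes(4, "big") + t + (32).to_bytes(4, "big") + hashlib.sha256(seed).digest()
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

if __name__ == "__main__":
    baseline = sample_key(b"alice", "alice@ops") + "\n" + sample_key(b"bob", "bob@ops") + "\n"
    current = "no-pty " + sample_key(b"intruder", "unknown") + "\n"
    print(audit(baseline, current))
```

A result with `replaced` set to true on a host that still accepts password logins from the internet is worth treating as an incident, since changing the password alone does not remove the added key.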
From The Hacker News
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA