"New Mirai Variant Employs Uncommon Tactics to Distribute Malware"

RapperBot, a new variant of Mirai, is another example of malware that uses relatively uncommon or previously unknown infection vectors in an attempt to spread more widely. RapperBot first appeared as Internet of Things (IoT) malware containing parts of the Mirai source code but with functionality significantly different from that of other Mirai variants. The differences included a new protocol for command-and-control (C2) communications and a feature for brute-forcing SSH servers rather than the Telnet services that Mirai variants commonly target. Last year, Fortinet researchers tracking the malware observed its authors regularly modifying it, first by adding code to maintain persistence on infected machines even after a reboot, and then by adding code for self-propagation via a remote binary downloader. Later, the malware authors removed the self-propagation feature and added a feature that granted them persistent remote access to SSH servers that had been brute-forced. This article continues to discuss researchers' findings and observations regarding RapperBot.

Dark Reading reports "New Mirai Variant Employs Uncommon Tactics to Distribute Malware"
