"New RapperBot Campaign Targets Game Servers With DDoS Attacks"

Fortinet FortiGuard Labs researchers discovered new RapperBot malware samples that are being used to build a Distributed Denial-of-Service (DDoS) botnet targeting game servers. The researchers discovered the previously undetected RapperBot Internet of Things (IoT) botnet in August and reported that it has been active since mid-June 2022. The botnet takes a large portion of its code from the original Mirai botnet, but unlike other IoT malware families, it includes the ability to brute-force credentials and gain access to Secure Shell (SSH) servers rather than Telnet, as Mirai does. Researchers have also noticed that the most recent samples include persistence-maintaining code, which is rarely implemented in other Mirai variants. The credential list used for brute-forcing was hardcoded into earlier samples of the malware, but starting in July, the samples began retrieving the list from the command-and-control (C2) server. RapperBot has been using self-propagation to maintain remote access to the brute-forced SSH servers since mid-July. The most recent samples also include DDoS attacks against the Generic Routing Encapsulation (GRE) protocol, possibly using Mirai source code, and against the User Datagram Protocol (UDP) traffic used by a GTA game mod. The hardcoded credentials list consists of default credentials for IoT devices. The analysis of the malware's hardcoded prompt messages revealed that it primarily targets routers and DVRs. The most recent campaign targets older devices equipped with the Qualcomm MDM9625 chipset, such as LTE modems. Once inside the device, it sends the credentials used, the compromised device's IP address, and its architecture to the C2 server via a separate port, 5123. The malware then attempts to install the RapperBot payload binary on the infected device. This article continues to discuss the discovery of new RapperBot samples used to build a botnet to launch DDoS attacks against game servers.
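The behaviour described above, SSH password brute-forcing with a list of default IoT credentials followed by a successful login, leaves a recognisable trace in sshd authentication logs. The following detector is an added example written for this summary, not code from Fortinet, Security Affairs or the RapperBot analysis: it parses constructed sshd log lines, counts failed password logins per source address inside a sliding time window, and flags sources that exceed a threshold, noting how many distinct usernames were tried and whether an accepted login followed the burst. The log lines, addresses, threshold and window are all constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (RFC 3164 style); not taken from any real host.
# 198.51.100.7 tries several default-style accounts in quick succession and then
# succeeds; 203.0.113.9 is a single typo followed by a normal login.
SAMPLE_LOG = """\
Jun 20 10:00:01 dvr sshd[812]: Failed password for root from 198.51.100.7 port 40210 ssh2
Jun 20 10:00:02 dvr sshd[812]: Failed password for admin from 198.51.100.7 port 40211 ssh2
Jun 20 10:00:03 dvr sshd[812]: Failed password for root from 198.51.100.7 port 40212 ssh2
Jun 20 10:00:04 dvr sshd[812]: Failed password for support from 198.51.100.7 port 40213 ssh2
Jun 20 10:00:05 dvr sshd[812]: Failed password for root from 198.51.100.7 port 40214 ssh2
Jun 20 10:00:06 dvr sshd[815]: Accepted password for root from 198.51.100.7 port 40215 ssh2
Jun 20 10:05:00 dvr sshd[820]: Failed password for alice from 203.0.113.9 port 51000 ssh2
Jun 20 10:05:30 dvr sshd[821]: Accepted password for alice from 203.0.113.9 port 51001 ssh2
"""

# Matches the OpenSSH "Failed/Accepted password for [invalid user] <user> from <ip>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line, year=2022):
    """Parse one sshd auth line into a dict, or return None for unrelated lines.
    Syslog timestamps carry no year, so the caller supplies it (assumed 2022 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: {"failures": n, "users": [...], "success_after": bool}} for every
    source with at least `threshold` failed logins inside any `window`-long span.
    `success_after` is True when an accepted login from the same source follows the
    start of the burst, i.e. the credential guessing appears to have worked."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]
        # Sliding window anchored at each failure; first window over threshold wins.
        for i, first in enumerate(failures):
            in_win = [g for g in failures[i:] if g["ts"] - first["ts"] <= window]
            if len(in_win) >= threshold:
                success_after = any(
                    e["result"] == "Accepted" and e["ts"] >= first["ts"] for e in evs
                )
                alerts[ip] = {
                    "failures": len(in_win),
                    "users": sorted({g["user"] for g in in_win}),
                    "success_after": success_after,
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

The distinct-username list is the useful signal here: a burst of failures spread across accounts such as root, admin and support from one source looks like a credential list being walked rather than a user mistyping a password, and a `success_after` of True is the point at which the device should be treated as compromised and checked for a dropped payload or added persistence.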

Security Affairs reports "New RapperBot Campaign Targets Game Servers With DDoS Attacks"