• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Home
  • Contact Us

iHash

News and How to's

  • Apple iPad Air 2, 16GB – Silver (Refurbished: Wi-Fi Only) for $106

    Apple iPad Air 2, 16GB – Silver (Refurbished: Wi-Fi Only) for $106
  • S300 eufyCam (eufyCam 3C) 3-Cam Kit for $579

    S300 eufyCam (eufyCam 3C) 3-Cam Kit for $579
  • eufy Baby Monitor 2 (2K, Smart, Wi-Fi) for $119

    eufy Baby Monitor 2 (2K, Smart, Wi-Fi) for $119
  • eufy SpaceView Add-On Video Baby Monitor for $99

    eufy SpaceView Add-On Video Baby Monitor for $99
  • eufy Solo IndoorCam C24 (2K, 2-Cam Kit, Plug-in) for $75

    eufy Solo IndoorCam C24  (2K, 2-Cam Kit, Plug-in) for $75
  • News
    • Rumor
    • Design
    • Concept
    • WWDC
    • Security
    • BigData
  • Apps
    • Free Apps
    • OS X
    • iOS
    • iTunes
      • Music
      • Movie
      • Books
  • How to
    • OS X
      • OS X Mavericks
      • OS X Yosemite
      • Where Download OS X 10.9 Mavericks
    • iOS
      • iOS 7
      • iOS 8
      • iPhone Firmware
      • iPad Firmware
      • iPod touch
      • AppleTV Firmware
      • Where Download iOS 7 Beta
      • Jailbreak News
      • iOS 8 Beta/GM Download Links (mega links) and How to Upgrade
      • iPhone Recovery Mode
      • iPhone DFU Mode
      • How to Upgrade iOS 6 to iOS 7
      • How To Downgrade From iOS 7 Beta to iOS 6
    • Other
      • Disable Apple Remote Control
      • Pair Apple Remote Control
      • Unpair Apple Remote Control
  • Special Offers
  • Contact us

New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack

Aug 7, 2022 by iHash Leave a Comment

IoT RapperBot Malware

A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022.

“This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai,” Fortinet FortiGuard Labs said in a report.

The malware, which gets its name from an embedded URL to a YouTube rap music video in an earlier version, is said to have amassed a growing collection of compromised SSH servers, with over 3,500 unique IP addresses used to scan and brute-force their way into the servers.

CyberSecurity

RapperBot’s current implementation also delineates it from Mirai, allowing it to primarily function as an SSH brute-force tool with limited capabilities to carry out distributed denial-of-service (DDoS) attacks.

The deviation from traditional Mirai behavior is further evidenced in its attempt to establish persistence on the compromised host, effectively permitting the threat actor to maintain long-term access long after the malware has been removed or the device has been rebooted.

The attacks entail brute-forcing potential targets using a list of credentials received from a remote server. Upon successfully breaking into a vulnerable SSH server, the valid credentials are exfiltrated back to the command-and-control.

“Since mid-July, RapperBot has switched from self-propagation to maintaining remote access into the brute-forced SSH servers,” the researchers said.

IoT RapperBot Malware

The access is achieved by adding the operators’ SSH public key to a special file called “~/.ssh/authorized_keys,” permitting the adversary to connect and authenticate to the server using the corresponding private private key without having to furnish a password.

“This presents a threat to compromised SSH servers as threat actors can access them even after SSH credentials have been changed or SSH password authentication is disabled,” the researchers explained.

“Moreover, since the file is replaced, all existing authorized keys are deleted, which prevents legitimate users from accessing the SSH server via public key authentication.”

The shift also enables the malware to maintain its access to these hacked devices via SSH, permitting the actor to leverage the foothold to conduct Mirai-styled denial-of-service attacks.

These differences from other IoT malware families have had the side-effect of making its primary motivations something of a mystery, a fact further complicated by the fact that RapperBot’s authors have left little-to-no telltale signs of their provenance.

CyberSecurity

The ditching of self-propagation in favor of persistence notwithstanding, the botnet is said to have undergone significant changes in a short span of time, chief among them being the removal of DDoS attack features from the artifacts at one point, only to be reintroduced a week later.

The objectives of the campaign, ultimately, remain nebulous at best, with no follow-on activity observed post a successful compromise. What’s clear is that SSH servers with default or guessable credentials are being corralled into a botnet for some unspecified future purpose.

To fend off such infections, it’s recommended that users set strong passwords for devices or disable password authentication for SSH where possible.

“Although this threat heavily borrows code from Mirai, it has features that set it apart from its predecessor and its variants,” the researchers said. “Its ability to persist in the victim system gives threat actors the flexibility to use them for any malicious purpose they desire.”

Source link

Share this:

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn

Filed Under: Security Tagged With: attack, BruteForcing, computer security, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, data breach, hacker news, hacking news, how to hack, information security, IoT, Linux, Malware, network security, ransomware malware, RapperBot, Servers, software vulnerability, SSH, Targeting, the hacker news

Special Offers

  • Apple iPad Air 2, 16GB – Silver (Refurbished: Wi-Fi Only) for $106

    Apple iPad Air 2, 16GB – Silver (Refurbished: Wi-Fi Only) for $106
  • S300 eufyCam (eufyCam 3C) 3-Cam Kit for $579

    S300 eufyCam (eufyCam 3C) 3-Cam Kit for $579
  • eufy Baby Monitor 2 (2K, Smart, Wi-Fi) for $119

    eufy Baby Monitor 2 (2K, Smart, Wi-Fi) for $119
  • eufy SpaceView Add-On Video Baby Monitor for $99

    eufy SpaceView Add-On Video Baby Monitor for $99
  • eufy Solo IndoorCam C24 (2K, 2-Cam Kit, Plug-in) for $75

    eufy Solo IndoorCam C24  (2K, 2-Cam Kit, Plug-in) for $75

Reader Interactions

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

  • Facebook
  • GitHub
  • Instagram
  • Pinterest
  • Twitter
  • YouTube

More to See

Gootkit Malware Continues to Evolve with New Components and Obfuscations

Jan 29, 2023 By iHash

Apple iPad Air 2, 16GB – Silver (Refurbished: Wi-Fi Only) for $106

Jan 29, 2023 By iHash

Tags

* Apple Cisco computer security cyber attacks cyber crime cyber news cybersecurity Cyber Security cyber security news cyber security news today cyber security updates cyber threats cyber updates data breach data breaches google hacker hacker news Hackers hacking hacking news how to hack incident response information security iOS 7 iOS 8 iPhone Malware microsoft network security ransomware ransomware malware risk management Secure security security breaches security vulnerabilities software vulnerability the hacker news Threat update video Vulnerabilities web applications

Latest

@insideBIGDATApodcast: ChatGPT – The Human AI Partnership

Welcome to the insideBIGDATA series of podcast presentations, a curated collection of topics relevant to our global audience. We bring you compelling topics including: big data, data science, machine learning, AI, and deep learning. Enjoy! For this installment, we bring you the second episode of Fireside Chatbots featuring Greylock general partner Reid Hoffman and ChatGPT, […]

S300 eufyCam (eufyCam 3C) 3-Cam Kit for $579

Expires January 03, 2123 19:28 PST Buy now and get 0% off KEY FEATURES See 4K Detail Day and Night 180-Day Battery Life Up to 16 TB Expandable Local Storage (Additional Storage Drive Not Included) BionicMind AI Differentiates Family and Strangers HomeBase 3 Centralize Security Management PRODUCT SPECS Resolution 4K (3840×2160)° Night Vision Infrared & […]

eufy Baby Monitor 2 (2K, Smart, Wi-Fi) for $119

Expires January 04, 2123 21:35 PST Buy now and get 0% off KEY FEATURES It’s in the 2K Details: The 2K high-resolution camera with 330 pan, 110 tilt, and 4x zoom features lets you watch over your baby in stunning detail. Night Vision: The non-invasive infrared night vision lets you check on your baby at […]

ISC Releases Security Patches for New BIND DNS Software Vulnerabilities

Jan 28, 2023Ravie LakshmananServer Security / DNS The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. “A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and […]

eufy Solo IndoorCam C24 (2K, 2-Cam Kit, Plug-in) for $75

Expires January 04, 2123 21:34 PST Buy now and get 0% off KEY FEATURES Knows Whos There: The on-device AI instantly determines whether a human or pet is present within the cameras view. The Key is in the Detail: View every event in up to 2K clarity (1080P while using HomeKit) so you see exactly […]

eufyCam 2 Pro Add-on Camera for $169

Expires January 06, 2123 22:33 PST Buy now and get 0% off 2K Resolution: When it comes to security, the key is in the detail. See exactly what is happening in and around your home in crisp 2K clarity. A Years Security from 1 Charge: Avoid frequent trips to charge the battery and enjoy 365-day […]

Jailbreak

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

  Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate.   Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

  Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

Copyright iHash.eu © 2023
We use cookies on this website. By using this site, you agree that we may store and access cookies on your device. Accept Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT