This New Mirai Variant Uses Peculiar Malware Distribution Methods

 

RapperBot, a new Mirai variant, is the latest example of malware spreading through relatively uncommon or previously undiscovered infection channels.

RapperBot originally appeared last year as Internet of Things (IoT) malware that contained large amounts of Mirai source code but had capabilities significantly different from those of other Mirai variants. The differences included the use of a new command-and-control (C2) protocol and built-in functionality for brute-forcing SSH servers rather than Telnet services, as is usual in Mirai variants.

Fortinet researchers who tracked the malware last year noticed its makers continually changing it, first by adding code to ensure persistence on infected PCs even after a reboot, and then by inserting code for self-propagation through a remote binary downloader. The virus writers later deleted the self-propagation feature and replaced it with one that gave them persistent remote access to brute-forced SSH servers.

Kaspersky researchers detected a new RapperBot variant circulating in the wild in the fourth quarter of 2022, in which the SSH brute-force functionality had been deleted and replaced with capabilities for targeting Telnet servers.

According to Kaspersky’s examination of the malware, it also had an “intelligent” and relatively unusual function for brute-forcing Telnet. Rather than brute-forcing with a large number of credentials, the virus e

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents