  • RapperBot botnet combines DDoS and cryptojacking: new versions target IoT devices

    The botnet turns your Linux machine into a Monero mine.

    New samples of the RapperBot botnet added cryptojacking capabilities to mine cryptocurrency on compromised Intel x64 machines.

    The change happened gradually: the developers first added the cryptomining component separately from the malware, and by the end of January the botnet and cryptomining functions had been combined into a single whole.

    Researchers at Fortinet's FortiGuard Labs have been monitoring RapperBot activity since June 2022 and report that the updated RapperBot uses the XMRig Monero miner on the Intel x64 architecture. The information security company says that this campaign has been active since January and is primarily aimed at IoT devices.

    The miner code is now integrated into RapperBot and obfuscated with two-layer XOR encoding that effectively hides the mining pools and Monero mining addresses from analysts.

    FortiGuard Labs discovered that the bot gets its mining configuration from a command and control (C2) server instead of using hardcoded static pool addresses, and that it uses multiple pools and wallets as backups.

    To maximize mining performance, the malware enumerates the running processes on the compromised system and kills processes associated with other competing miners.

    Although the researchers did not find any DDoS commands sent from the C2 server to the analyzed samples, they found that the latest version of the bot supports the following commands:

    Perform DDoS attacks (UDP, TCP and HTTP GET);
    Stop DDoS attacks;
    Shut itself down (and any child processes).

    RapperBot seems to be evolving rapidly and expanding its list of features to maximize operator profits.

    To protect devices from RapperBot and similar malware, users are advised to update software, disable unnecessary services, change default passwords to stronger ones, and use firewalls to block unauthorized requests.

    Earlier in 2022, information security specialists from Fortinet's FortiGuard Labs discovered new RapperBot samples that were used to create a botnet capable of launching DDoS attacks on game servers. It is worth noting that Fortinet experts were the first to spot the malware in 2022. Back then, it was designed only to brute-force Linux SSH servers.

    Author DeepWeb
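
The two-level XOR obfuscation of pool and wallet strings mentioned above slows string searches but is not encryption. The following analyst-side sketch is an added example, not code from the article, from Fortinet or from the malware: two repeating-key XOR layers collapse into one key, which a known-plaintext crib recovers. The repeating-key scheme, key values, config layout and the `stratum+tcp://` crib are assumptions made for illustration.

```python
from itertools import cycle
from math import gcd

# Assumed crib: the URL scheme XMRig pool entries normally start with.
CRIB = b"stratum+tcp://"

def xor_layer(data: bytes, key: bytes) -> bytes:
    """One obfuscation layer: repeating-key XOR."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def collapse(k1: bytes, k2: bytes) -> bytes:
    """Two XOR layers equal one layer whose key has length lcm(len(k1), len(k2))."""
    n = len(k1) * len(k2) // gcd(len(k1), len(k2))
    return xor_layer(xor_layer(bytes(n), k1), k2)

def recover(blob: bytes, crib: bytes = CRIB):
    """Crib-drag: find (key, plaintext) for any combined key no longer than the crib."""
    for klen in range(1, len(crib) + 1):
        for off in range(len(blob) - len(crib) + 1):
            # Keystream the blob would need at this offset to hide the crib.
            stream = xor_layer(blob[off:off + len(crib)], crib)
            if any(stream[i] != stream[i - klen] for i in range(klen, len(crib))):
                continue  # keystream is not periodic with this key length
            key = bytearray(klen)
            for i in range(klen):
                key[(off + i) % klen] = stream[i]
            plain = xor_layer(blob, bytes(key))
            if all(32 <= c < 127 for c in plain):  # assumed: config is printable ASCII
                return bytes(key), plain
    return None

# Constructed sample: keys, field layout and values are made up, not RapperBot's.
K1, K2 = b"\x5a\xc3", b"\x11\x7e\xa4"
CONFIG = b"pool=stratum+tcp://pool.example.invalid:3333;wallet=WALLET_PLACEHOLDER"
BLOB = xor_layer(xor_layer(CONFIG, K1), K2)

if __name__ == "__main__":
    key, plain = recover(BLOB)
    print(key.hex(), plain.decode())
```

Because the configuration is fetched from the C2 server rather than hardcoded, decoded strings from one sample do not give a complete blocklist; network-level detection of mining-pool traffic remains necessary.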