  • RapperBot botnet combines DDoS and cryptojacking: new versions target IoT devices

    The botnet turns your Linux machine into a Monero mine.

    New samples of the RapperBot botnet added cryptojacking capabilities to mine cryptocurrency on compromised Intel x64 machines.

    The change happened gradually: the developers first added the cryptomining component separately from the malware, and by the end of January the botnet and cryptomining functions had been combined into a single whole.

    Researchers at Fortinet's FortiGuard Labs have been monitoring RapperBot activity since June 2022 and report that the updated RapperBot uses the XMRig Monero miner on the Intel x64 architecture. The information security company says that this campaign has been active since January and is primarily aimed at IoT devices.

    The miner code is now integrated into RapperBot and obfuscated with two-layer XOR encoding, which effectively hides the mining pools and Monero mining addresses from analysts.
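
    For analysts triaging such a sample, the sketch below (an added example, not FortiGuard's tooling or code from the malware) shows that two stacked repeating-key XOR layers collapse into one effective key, so a known-plaintext search still recovers the hidden strings. The layer keys, key lengths, pool hostnames and the `stratum+tcp://` prefix used as known plaintext are assumptions constructed for the demonstration; the article does not give the real scheme's parameters.

```python
import hashlib
from itertools import cycle

CRIB = b"stratum+tcp://"  # assumed known plaintext: pool URL scheme prefix

def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encodes and decodes."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def recover_strings(blob: bytes, crib: bytes = CRIB, max_period: int = 6):
    """Crib-drag over blob; return [(offset, effective_key, plaintext), ...]."""
    hits = []
    for off in range(len(blob) - len(crib) + 1):
        # Keystream that would decode the bytes at this offset to the crib.
        ks = xor(blob[off:off + len(crib)], crib)
        for p in range(1, max_period + 1):
            # At a true hit the keystream repeats with some short period p.
            if all(ks[i] == ks[i + p] for i in range(len(crib) - p)):
                plain = xor(blob[off:], ks[:p])
                # Keep the printable run; the decoded NUL terminator ends it.
                end = next((i for i, c in enumerate(plain)
                            if not 32 <= c < 127), len(plain))
                hits.append((off, ks[:p], plain[:end]))
                break
    return hits

def build_sample() -> bytes:
    """Constructed test blob: two pool URLs, each XORed twice, amid filler."""
    k1, k2 = b"\x5a\xc3", b"\x11\x22\x33"  # constructed layer keys
    pools = [b"stratum+tcp://pool-a.example.invalid:3333",
             b"stratum+tcp://pool-b.example.invalid:4444"]
    filler = hashlib.sha256(b"constructed filler").digest()
    blob = b""
    for url in pools:
        blob += filler + xor(xor(url + b"\0", k1), k2)  # layer 1, then layer 2
    return blob

if __name__ == "__main__":
    for off, key, text in recover_strings(build_sample()):
        print(f"offset {off}: key {key.hex()} -> {text.decode()}")
```

    The recovered key is six bytes long because the 2-byte and 3-byte layers combine into a single keystream whose period is their least common multiple.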

    FortiGuard Labs discovered that the bot gets its mining configuration from a command and control (C2) server instead of using hardcoded static pool addresses, and that it uses multiple pools and wallets as backups.

    To maximize mining performance, the malware enumerates the running processes on the compromised system and kills processes associated with other competing miners.

    Although the researchers did not find any DDoS commands sent from the C2 server to the analyzed samples, they found that the latest version of the bot supports the following commands:

    Perform DDoS attacks (UDP, TCP and HTTP GET);
    Stop DDoS attacks;
    Shut itself down (along with any child processes).

    RapperBot seems to be evolving rapidly and expanding its list of features to maximize operator profits.

    To protect devices from RapperBot and similar malware, users are advised to update software, disable unnecessary services, change default passwords to stronger ones, and use firewalls to block unauthorized requests.

    Earlier in 2022, information security specialists from Fortinet FortiGuard Labs discovered new RapperBot samples that were used to create a botnet capable of launching DDoS attacks on game servers. It is worth noting that it was Fortinet experts who were the first to spot the malware in 2022. Back then, it was designed only to brute-force Linux SSH servers.

    Author DeepWeb