botnet, ddos, distributed denial-of-service, game servers, malware, rapperbot

The Mirai-based botnet ‘RapperBot’ has re-emerged via a new campaign that infects IoT devices for DDoS (Distributed Denial of Service) attacks against game servers.

The malware was discovered by Fortinet researchers last August when it used SSH brute-forcing to spread on Linux servers.

By tracing its activities, the researchers found that RapperBot has been operational since May 2021, but its exact goals were hard to decipher.


RapperBot campaigns timeline (Fortinet)

The recent variant uses a Telnet self-propagation mechanism instead, which is closer to the approach of the original Mirai malware.

Also, the motivation of the current campaign is more apparent, as the DoS commands in the latest variant are tailored for attacks against servers hosting online games.

Lifting the lid on RapperBot

Fortinet analysts were able to sample the new variant using C2 communication artifacts collected in the previous campaigns, indicating that this aspect of the botnet’s operation has not changed.

The analysts noticed that the new variant features several differences, including support for Telnet brute-forcing, and uses the following commands:

  • Register (used by the client)
  • Keep-Alive/Do nothing
  • Stop all DoS attacks and terminate the client
  • Perform a DoS attack
  • Stop all DoS attacks
  • Restart Telnet brute forcing
  • Stop Telnet brute forcing

The malware tries to brute force devices using common weak credentials from a hardcoded list, whereas previously, it fetched a list from the C2.

“To optimize brute forcing efforts, the malware compares the server prompt upon connection to a hardcoded list of strings to identify the possible device and then only tries the known credentials for that device,” explains Fortinet.

“Unlike less sophisticated IoT malware, this allows the malware to avoid trying to test a full list of credentials.”

After successfully finding credentials, it reports them to the C2 via port 5123 and then attempts to fetch and install the correct version of the primary payload binary for the detected device architecture.

Currently supported architectures are ARM, MIPS, PowerPC, SH4, and SPARC.


Downloading the ARM payload using wget (Fortinet)
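
A defensive sketch of how the behaviour described above could be spotted in flow logs, added here as an example and not taken from Fortinet’s report: it flags internal hosts that open Telnet connections to many distinct addresses and also contact port 5123. The record format, the threshold and every address are constructed assumptions.

```python
from collections import defaultdict

TELNET_PORT = 23
REPORT_PORT = 5123   # port the article says found credentials are reported on
SCAN_THRESHOLD = 5   # assumption: distinct Telnet targets that count as scanning

# Constructed sample records (not real traffic): "epoch src dst dst_port"
SAMPLE_FLOWS = """\
1668500001 10.0.0.23 198.51.100.1 23
1668500002 10.0.0.23 198.51.100.2 23
1668500003 10.0.0.23 198.51.100.3 23
1668500004 10.0.0.23 198.51.100.4 23
1668500005 10.0.0.23 198.51.100.5 23
1668500006 10.0.0.23 198.51.100.6 23
1668500009 10.0.0.23 203.0.113.50 5123
1668500010 10.0.0.40 10.0.0.1 23
1668500011 10.0.0.77 203.0.113.50 5123
truncated-record 10.0.0.23
"""

def parse_flows(text):
    """Yield (ts, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit() and parts[3].isdigit():
            yield int(parts[0]), parts[1], parts[2], int(parts[3])

def find_suspect_hosts(flows, threshold=SCAN_THRESHOLD):
    """Return hosts that fan out over Telnet AND contact the reporting port."""
    telnet = defaultdict(set)   # src -> distinct Telnet destinations
    report = defaultdict(set)   # src -> distinct peers on REPORT_PORT
    for _ts, src, dst, dport in flows:
        if dport == TELNET_PORT:
            telnet[src].add(dst)
        elif dport == REPORT_PORT:
            report[src].add(dst)
    # Either signal alone is weak (an admin using Telnet, an unrelated service
    # on 5123); requiring both keeps the false-positive rate down.
    return {
        src: {"telnet_targets": len(dsts), "report_peers": sorted(report[src])}
        for src, dsts in telnet.items()
        if len(dsts) >= threshold and report[src]
    }

if __name__ == "__main__":
    print(find_suspect_hosts(parse_flows(SAMPLE_FLOWS)))
```
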

The DoS capabilities in RapperBot’s older variant were so limited and generic that the researchers hypothesized its operators might be more interested in the initial access business.

However, in the latest variant, the true nature of the malware has become apparent with the addition of an extensive set of DoS attack commands like:

  • Generic UDP flood
  • TCP SYN flood
  • TCP ACK flood
  • TCP STOMP flood
  • UDP SA:MP flood targeting game servers running GTA San Andreas: Multi Player (SA:MP)
  • GRE Ethernet flood
  • GRE IP flood
  • Generic TCP flood

Based on the HTTP DoS methods, the malware appears to be specialized in launching attacks against game servers.

“This campaign adds DoS attacks against the GRE protocol and the UDP protocol used by the Grand Theft Auto: San Andreas Multi Player (SA:MP) mod,” reads Fortinet’s report.

Likely the same operators

Fortinet believes all detected RapperBot campaigns are orchestrated by the same operators, as newer variants indicate access to the malware’s source code.

Moreover, the C2 communication protocol remains unchanged, the list of credentials used for brute forcing attempts has been the same since August 2021, and there have been no signs of campaign overlaps at this time.

To protect your IoT devices from botnet infections, keep the firmware up to date, replace default credentials with a strong and unique password, and place the devices behind a firewall if possible.
