RapperBot DDoS Botnet Ventures into Cryptojacking, Poses New Cyber Threats

Published by Shipra Sanganeria on May 21, 2024

FortiGuard Labs, a renowned cybersecurity research team, has recently discovered fresh instances of the ongoing RapperBot campaign, which has been active since January 2023. RapperBot, a notorious malware family primarily targeting Internet of Things (IoT) devices, has been in circulation since June 2022.

Previous FortiGuard Labs reports from August 2022 and December 2022 described the campaign's focus on brute-forcing weak or default SSH and Telnet credentials to grow its botnet for launching Distributed Denial of Service (DDoS) attacks. In this latest wave, however, the threat actors behind RapperBot have gone a step further into cryptojacking, specifically targeting Intel x64 machines.

At the outset they deployed a standalone Monero cryptominer alongside the standard RapperBot binary. By late January 2023 they had merged the two into a single bot binary with built-in miner capabilities. This article looks at the modifications observed in this new campaign and provides a technical analysis of the upgraded RapperBot variant with its cryptojacking functionality.

FortiGuard Labs has disclosed an updated RapperBot variant that now embeds an XMRig Monero miner built for Intel x64 architectures. The firm reports that this campaign, which primarily targets Internet of Things (IoT) devices, has been active since January.

FortiGuard Labs also detailed how the miner code is integrated into the RapperBot malware: the mining pool hostnames and Monero wallet addresses are stored under two layers of XOR encoding to conceal them.

The bot retrieves its mining configuration from the C2 server, which supplies multiple pools and wallets for resilience, and routes mining traffic through two mining proxies to make tracking harder. If the C2 server is unreachable, RapperBot falls back to public mining pools, and it terminates competing miners on the host. The latest version also applies two-layer encoding to its C2 communication to evade network traffic monitors.
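The two-layer XOR encoding of pool and wallet strings, and the analyst-side decoding of such a configuration, as an added example written for this article rather than code from FortiGuard Labs or from the malware itself. The key lengths, key values, pool URL and wallet string are constructed assumptions; the only inputs taken from the article are that the strings are XOR-encoded twice and that several pools and wallets are stored together. The example also shows a general property the article does not state: two repeating-key XOR layers of equal key length collapse into a single layer whose key is the XOR of the two keys, so an analyst who knows a few bytes of plaintext (a crib such as the stratum URL scheme that miners use) can recover that composite key without ever learning the individual keys.

```python
"""Two-layer XOR string encoding and analyst-side decoding.

Added example, not code from the article, FortiGuard Labs or RapperBot.
Keys, key lengths, the pool URL and the wallet string below are constructed
for illustration; they are not values recovered from the real malware.
"""


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def double_xor_encode(plaintext: str, key1: bytes, key2: bytes) -> bytes:
    """Apply two XOR layers, the storage form the article describes."""
    return xor_bytes(xor_bytes(plaintext.encode(), key1), key2)


def double_xor_decode(blob: bytes, key1: bytes, key2: bytes) -> str:
    """Undo both layers when both keys are known (the malware's own path)."""
    return xor_bytes(xor_bytes(blob, key2), key1).decode()


def composite_key(key1: bytes, key2: bytes) -> bytes:
    """Two repeating-XOR layers with equal key length equal one layer keyed
    by key1 XOR key2, so the second layer adds no secrecy (assumes equal lengths)."""
    if len(key1) != len(key2):
        raise ValueError("composite key shortcut assumes equal key lengths")
    return xor_bytes(key1, key2)


def recover_key(blob: bytes, crib: bytes, key_len: int) -> bytes:
    """Known-plaintext recovery: if the crib is the start of the plaintext,
    XORing it against the ciphertext prefix yields the composite key."""
    if len(crib) < key_len:
        raise ValueError("crib must be at least key_len bytes")
    return xor_bytes(blob[:key_len], crib[:key_len])


def decode_with_key(blob: bytes, key: bytes) -> str:
    """Decode any string from the same config with the recovered composite key."""
    return xor_bytes(blob, key).decode()


def decode_config(encoded: list[bytes], crib: bytes, key_len: int) -> list[str]:
    """Recover the key from the first entry (assumed to start with the crib)
    and decode every entry in the configuration with it."""
    key = recover_key(encoded[0], crib, key_len)
    return [decode_with_key(blob, key) for blob in encoded]


# Constructed sample configuration: fictitious pools and placeholder wallets.
SAMPLE_CONFIG = [
    "stratum+tcp://pool-one.example.invalid:3333",
    "stratum+tcp://pool-two.example.invalid:4444",
    "4PLACEHOLDER_MONERO_WALLET_ONE",
    "4PLACEHOLDER_MONERO_WALLET_TWO",
]
KEY1 = bytes.fromhex("a1b2c3d4")  # constructed, 4-byte key for layer one
KEY2 = bytes.fromhex("5f1e2d3c")  # constructed, 4-byte key for layer two
CRIB = b"stratum+tcp://"          # miners speak stratum, so the scheme is a plausible crib

ENCODED_CONFIG = [double_xor_encode(s, KEY1, KEY2) for s in SAMPLE_CONFIG]

if __name__ == "__main__":
    for blob in ENCODED_CONFIG:
        print(blob.hex())
    print("composite key:", composite_key(KEY1, KEY2).hex())
    print("recovered key:", recover_key(ENCODED_CONFIG[0], CRIB, 4).hex())
    for s in decode_config(ENCODED_CONFIG, CRIB, 4):
        print(s)
```

The practical point for analysts and detection engineers: once a single pool or wallet string has been decoded from a sample, the same composite key unlocks every other string stored under that encoding, so an extractor built around one known prefix can pull the full pool and wallet list from a sample without reversing the decoding routine itself.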

Randomized intervals and sizes for those C2 requests make the exchanges harder to spot in traffic. To protect against this kind of malware, users should keep software up to date, disable unnecessary services, change default passwords, and use firewalls.
