Top Monthly Posts
How to install Emby Server on Ubuntu
Understanding NGINX Location Rules: A Comprehensive Guide
How to Install Windows 10 Without a Microsoft...
Setting Up VLANs on OpenWrt 23.05: Making the...
How to enable HSTS on Apache
How to install Python on CentOS 8
Log Management in Linux with Lnav
OpenSSL 3.0 Vulnerability: What you need to know
Troubleshooting a Linux Web Server
How to install PHP 8.2 on RHEL based...
Top Monthly Posts
How to install Emby Server on Ubuntu
Understanding NGINX Location Rules: A Comprehensive Guide
How to Install Windows 10 Without a Microsoft...
Setting Up VLANs on OpenWrt 23.05: Making the...
How to enable HSTS on Apache
How to install Python on CentOS 8
Log Management in Linux with Lnav
OpenSSL 3.0 Vulnerability: What you need to know
Troubleshooting a Linux Web Server
How to install PHP 8.2 on RHEL based...

Your IP Address: 184.149.61.154

Monday, April 15, 2024
Home // RapperBot Malware Targets Game Servers For DDoS Attacks
News

RapperBot Malware Targets Game Servers For DDoS Attacks

malwaresecuritytech news
pcplanet 0 2 mins read
| Published on: November 17, 2022

Cybersecurity researchers have found new cases of RapperBot malware used to build a botnet that can attack gaming servers with DDoS attacks.

Researchers from Fortinet FortiGuard Labs, Joie Salvio and Roy Tay, said in a paper that came out on Tuesday that this campaign is less like RapperBot than an older one that started in February and disappeared in mid-April for no clear reason.

The network security company found out about RapperBot in August 2022. It is heavily based on the Mirai botnet, whose source code was leaked in October 2016, which led to many different versions.

What can it do?

The new version of the RapperBot malware can do brute-force Telnet attacks, as well as DoS attacks using the Generic Routing Encapsulation (GRE) tunneling protocol and UDP floods that target game servers running Grand Theft Auto: San Andreas.

The researchers said, “The Telnet brute-force code is mostly made for self-propagation and looks like the old Mirai Satori botnet.”

This was clear in the artifacts that were found after July 2022.

https://www.fortinet.com/blog/threat-research/rapperbot-malware-discovery/_jcr_content/root/responsivegrid/image.img.png/1659483943925/fig1.png

Attack Outcomes

When an attack is successful, the credentials used are sent back to the C2 server and the RapperBot payload is installed on the device that was broken into.

Attack Scope

Fortinet said that the RapperBot malware is made to only attack appliances that run on the ARM, MIPS, PowerPC, SH4, and SPARC architectures. If an appliance runs on an Intel chipset, the virus will stop spreading itself.

Also, it has been found that the October 2022 campaign has overlaps with other operations that used the malware as far back as May 2021. The Telnet spreader module first showed up in August 2021, but was taken out of later samples and put back in last month.

“Based on the undeniable similarities between this new campaign and the previously reported RapperBot campaign, it is highly likely that they are both being run by a single threat actor or by different threat actors who have access to a privately shared base source code,” the researchers said.

Read the full research article on fortinet

IF YOU ARE HAVING PROBLEMS WITH THIS GUIDE, EMAIL US AT:

You may also like

Navigating CVE-2023-49103: Proactive Defense for ownCloud

Websites Posing as MSI Afterburner That Spread CoinMiner

Windows Internet Key Exchange Exposed to RCE Flaw

Aurora Malware’s Samples & C2 Servers On The...

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

* By using this form you agree with the storage and handling of your data by this website.

Copyright @2022-2024 All Right Reserved – PCPlanet

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. You understand and give your consent that your IP address and browser information might be processed by the security plugins installed on this site. By clicking “Accept”, you consent to the use of ALL the cookies.
.
Accept Read More

Privacy & Cookies Policy