RapperBot

RapperBot is a malware family derived from the Mirai botnet source code, targeting IoT devices through brute-forcing SSH credentials instead of Telnet. This modification allows RapperBot to compromise a broader range of devices, including those with more secure configurations. Unique among Mirai variants, RapperBot incorporates persistence mechanisms, ensuring continued access to compromised systems even after reboots or malware removal.

Known Variants

RapperBot with Cryptojacking Capabilities: A variant incorporating cryptocurrency mining alongside DDoS functionalities.

Mitigation Strategies

Disable password-based SSH authentication in favor of key-based methods. Regularly patch and update devices to eliminate known vulnerabilities. Monitor network traffic for unusual activity, such as brute-force attempts. Enforce rate-limiting and account lockout policies to prevent repeated login attempts.

Targeted Industries or Sectors

Gaming Industry: DDoS campaigns against game servers have disrupted online gaming platforms. General IoT Device Users: Any sector using SSH-enabled IoT devices is at risk, as RapperBot indiscriminately seeks to expand its botnet.

Associated Threat Actors

The developers and operators of RapperBot have not been conclusively identified. Its sophisticated features suggest a skilled entity, but no direct attribution exists.

References

Ready to uncover malware networks?

We can help you detect malware families and expose their hidden infrastructure blending into malicious networks and hosting providers.

Book your Demo Today

Ready to uncover malware networks?

We can help you detect malware families and expose their hidden infrastructure blending into malicious networks and hosting providers.

Book your Demo Today

Ready to uncover malware networks?

We can help you detect malware families and expose their hidden infrastructure blending into malicious networks and hosting providers.

Book your Demo Today

Hunt Intelligence, Inc.