A new botnet called ‘RapperBot’ has been used in attacks since mid-June 2022, focusing on brute-forcing its way into Linux SSH servers to establish a foothold on the device.
The researchers show that RapperBot is based on the Mirai trojan but deviates from the original malware’s normal behavior, which is uncontrolled propagation to as many devices as possible.
Instead, RapperBot is more tightly controlled, has limited DDoS capabilities, and its operation appears geared towards initial server access, with the servers likely to be used as stepping stones for lateral movement within a network.
Source: Bleeping Computer