New samples of the RapperBot botnet malware, reviewed by security experts, add cryptomining capabilities to mine cryptocurrency on compromised Intel x64 machines.
The RapperBot campaign is bringing in some fresh talent to its arsenal of malware beats, adding cryptomining capability to its existing distributed denial-of-service (DDoS) botnet malware in order to expand its financial horizons.
According to analysis by Fortinet’s FortiGuard Labs, the malware is a customized variant of the well-known XMRig Monero miner, tailored specifically for Intel x64 machines.
Once a device is infected, it becomes a node in the botnet, allowing the hacker to use it for various purposes. In many cases, owners of infected devices are completely unaware that their devices have been compromised, making botnets a particularly insidious threat.
XMRig is an open-source Monero miner, and its incorporation by a DDoS botnet that specializes in infesting consumer IoT gear makes sense, according to FortiGuard researchers.
FortiGuard analysts first noticed that something was new with RapperBot in late January, when they collected a significantly larger x64 sample than is common for the malware.
“On further analysis, we verified that the bot developers had merged the RapperBot C source code with the C++ code of XMRig Monero miner to create a combined bot client with mining capabilities,” they explained.
Merging the two together instead of deploying them separately offers a few advantages, according to the analysis.
The researchers discovered that the latest version supports the following commands:
- Perform DDoS attacks (UDP, TCP and HTTP GET)
- Stop DDoS attacks
- Terminate itself
IOCs – RapperBot
system key generated by server 20220709