
Communications of the ACM

ACM TechNews

IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack


The malware is said to have amassed a growing collection of compromised SSH servers, with over 3,500 unique IP addresses used to scan and brute-force their way into the servers.


Researchers at FortiGuard Labs reported that an Internet of Things (IoT) botnet malware identified in mid-June has been evolving rapidly.

The current version of the malware, called RapperBot, functions mainly as an SSH brute-force tool with limited ability to execute distributed denial-of-service (DDoS) attacks.

It reportedly uses more than 3,500 unique IP addresses to scan and brute-force its way into SSH servers.

Said the researchers, "RapperBot has switched from self-propagation to maintaining remote access into the brute-forced SSH servers."

The researchers noted that threat actors can access compromised SSH servers "even after SSH credentials have been changed or SSH password authentication is disabled. Moreover, since the file is replaced, all existing authorized keys are deleted, which prevents legitimate users from accessing the SSH server via public key authentication."

The activity indicates SSH servers are being corralled into a botnet for purposes that are as yet unknown.
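Because the persistence described above works by replacing the authorized keys file, a defender can detect it by comparing each file against key fingerprints recorded out of band. The following is an added example, not code from the article or from FortiGuard Labs; the function names, the baseline approach and the sample keys are assumptions made for illustration.

```python
import base64
import hashlib

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

def fingerprints(authorized_keys_text):
    """Return the set of OpenSSH-style SHA256 fingerprints found in the file text."""
    found = set()
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        # Options may precede the key type, so locate the type token first.
        for i, tok in enumerate(tokens[:-1]):
            if tok.startswith(KEY_PREFIXES):
                try:
                    blob = base64.b64decode(tokens[i + 1], validate=True)
                except ValueError:
                    break  # malformed key material: skip the line
                digest = hashlib.sha256(blob).digest()
                found.add("SHA256:" + base64.b64encode(digest).decode().rstrip("="))
                break
    return found

def audit(authorized_keys_text, baseline):
    """Compare a file against known-good fingerprints recorded out of band."""
    current = fingerprints(authorized_keys_text)
    missing = baseline - current
    unknown = current - baseline
    # Wholesale replacement: every known-good key is gone and a foreign key is present.
    replaced = bool(baseline) and missing == baseline and bool(unknown)
    return {"missing": missing, "unknown": unknown, "replaced": replaced}

# Constructed sample data: these blobs are placeholders, not real SSH keys.
def sample_line(label, opts=""):
    return f"{opts}ssh-ed25519 {base64.b64encode(label.encode()).decode()} {label}"

GOOD = "\n".join([sample_line("alice@example"), sample_line("bob@example", "no-pty ")])
BASELINE = fingerprints(GOOD)
REPLACED = sample_line("unrecognized@example")            # all legitimate keys gone
APPENDED = GOOD + "\n" + sample_line("unrecognized@example")  # extra key, originals kept

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("replaced", REPLACED), ("appended", APPENDED)):
        print(name, audit(text, BASELINE))
```

The `replaced` flag separates the case the researchers describe (legitimate keys deleted) from a key that was merely appended; both leave an entry in `unknown` and warrant review.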

From The Hacker News


Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA

