Up-to-date on the latest infection methods: RapperBot, CUEMiner, and Rhadamanthys

admin 16 Nisan 2023 Kültür-Sanat Leave a comment 85 Views

Cybercriminals are constantly evolving their skills and tools, looking for new ways to raid individuals and businesses. In a recent Securelist blog post, Kaspersky explored unusual infection methods used by attackers. One of the discoveries is called RapperBot, a Mirai-based worm that infects IoT devices with the ultimate goal of launching DDoS attacks against non-HTTP targets. Other methods mentioned in the blog post include information stealer Rhadamanthys and CUEMiner, based on open source malware believed to be distributed via BitTorrent and OneDrive.

RapperBot

The RapperBot was first sighted in June 2022 when it targeted the Secure Shell protocol (SSH). This is considered a secure way to transfer files because it uses encrypted communication, unlike Telnet services that send data in plain text form. However, the latest version of RapperBot has removed the SSH functionality and now focuses solely on Telnet, and with quite a bit of success. In Q4 2022, RapperBot’s infection attempts reached 112,000 users from over 2,000 unique IP addresses.

What sets RapperBot apart from other worms is its “intelligent” way of brute forcing: it checks the prompt and selects the correct credentials accordingly. This method greatly speeds up the brute-forcing process because it doesn’t have to go through a huge list of credentials. As of December 2022, the top 3 countries with the highest number of devices infected by RapperBot were Taiwan, South Korea, and the United States.

CUEMiner

Another new family of malware described in Kaspersky’s blog post is CUEMiner, based on an open-source malware that first appeared on Github in 2021. The latest version was discovered in October 2022, and contains a miner and a so-called ‘watcher’. This program monitors a system while a heavy process such as a video game is being launched on a victim’s computer.

While investigating CUEMiner, Kaspersky found two methods of spreading the malware. The first is via trojanized cracked software downloaded via BitTorrent. The other method is via trojanized cracked software downloaded from OneDrive sharing networks. Since no direct links are available at time of publication, it remains unclear how victims are lured into downloading these cracked packages. Still, many crack sites today do not offer direct downloads. Instead, they refer to Discord server channels for further discussion. This suggests a form of human interaction and social engineering.

Such “open source” malware is very popular among amateur or unskilled cybercriminals because it allows them to conduct large-scale campaigns. CUEMiner victims can currently be found all over the world, some within corporate networks. The largest number of victims within Kaspersky Security Network telemetry are in Brazil, India and Turkey.

Rhadamanthys

Finally, the Kaspersky blog post provides new information about Rhadamanthys, an information thief who uses Google Advertising as a means to distribute and deliver malware. It was already listed on Securelist in March 2023, but it has since come to light that Rhadamanthys has a strong connection with Hidden Bee miner, aimed directly at cryptocurrency mining. Both monsters use graphics to hide the payload and have similar bootstrapping shell codes. In addition, both use in-memory virtual file systems and Lua language to load plugins and modules.

“Open source malware, code reuse and rebranding are widely used by cybercriminals. This means that even less experienced attackers can now launch large-scale campaigns and target victims all over the world. Moreover, malvertising is becoming a hot trend as is already in high demand among malware groups. To prevent such attacks and protect your business from attacks, it is important to be up to date with what is going on in the field of cybersecurity and use the latest security tools available.” said Jornt van der Wiel, senior security researcher, GReAT at Kaspersky.

Learn more about the new infection methods and techniques cybercriminals are using on Securelist.

READ ALSO: Research Cisco: Small businesses struggle most with cybersecurity

READ ALSO: Research Cisco: only 8% of Dutch organizations are prepared for cyber threats

Tags

About admin

Check Also

Is PEPE coin going to rise or is the bull run cycle over, are $COPIUM and AiDoge the new trending cryptos?

NB! This is a paid press release. After its sudden appearance on the crypto market, …

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Powered by WordPress | Designed by TieLabs
© Copyright 2023, All Rights Reserved
hacklink panelantalya escortantalya escort bayanescort antalyakonyaaltı escortantalya otele gelen escorthacklinktoscanello purocaptain blackmarlboro double fusionmarvel sigaraharvest sigarasenator sigarakalpli sigaramilano sigarakeno club sigaradjarum blackal capone sigarayeşil periiqos sigaraBackwoods puroSobranie sigaradavidoff sigaratekirdağ escortçanakkale escortmanavgat escortbeykoz escortlüleburgaz escortgaziemir escorterdemli escortinegöl escortmezitli escortsusurluk escortsandıklı escortsoma escortkaş escortkavaklıdere escortaksaray escortmecidiyeköy escortsamsun mutlu sonizmit escortankara escortsakarya escortçan escortyalıkavak escortbolu escortkaraman escortkırşehir escortkahramanmaraş escortizmir mutlu sonmalatya mutlu sonantalya mutlu sonankara mutlu sonistanbul mutlu sonyalova mutlu sonadana mutlu sontekirdağ mutlu sonankara Escorthttp://www.elitescorthatun.com/bursa Escortantalya Escortizmir Escortistanbul escortmersin escortarnavutköy escortavcılar escortbaşakşehir escortesenyurt escortfatih escortkağıthane escortkartal escortmaltepe escortpendik escortsultangazi escortümraniye escortzeytinburnu escortAdana EscortEskişehir EscortGaziantep EscortSamsun Escortkonya escortadaxbetadresi.comBeylikdüzü escortBayan escortMalatya escortsakarya escortkayseri escortdenizli escortdiyarbakır escortvan escortaydın escortmugla escorthatay escortkocaeli escortadıyaman escortafyon escortagrı escortaksaray escortamasya escortardahan escortartvin escortbalıkesir escortbartin escortbatman escortbayburt escortbilecik escortbingöl escortbitlis escortbolu escortburdur escortçanakkale escortçankırı escortçorum escortdüzce escortedirne escortelazıg escorterzincan escorterzurum escortgiresun escortgümüşhane escortıgdır escortısparta escortmaraş escortkarabük escortkaraman escortkars escortkastamonu escortkırıkkale escortkırklareli escortkırşehir escortkilis escortkütahya escortmanisa escortmardin escortmuş escortnevşehir escortnigde escortordu escortosmaniye escortrize escortadana escortankara escortanytalya escortizmir escortmersin escortsiirt escortsinop escortsivas escorturfa escortsırnak escorttekirdag escorttokat escorttrabzon escorttunceli escortuşak escortvan escortyalova escortyozgat escortzonguldak escortkıbrıs escortkonya escortmugla escortkıbrıs escortkamagra jelşişli escorttaksim escortbeşiktaş escortkurtköy escortbüyükçekmece escortküçükçekmece escortavcılar escortnişantaşı escortbakırköy escortkadıköy escortataşehir escortbahçeşehir escortbahçelievler escortbaşakşehir escortkartal escortmecidiyeköy escortümraniye escortfatih escorttuzla escortpendik escortmaltepe escortesenler escortbeykoz escortbeyoglu escortatakoy escorteyup escortüsküdar escortarnavutköy escortgaziosmanpaşa escortsilivri escortzeytinburnu escortsultangazi escortkagıthane escortbebek escortetiler escortlevent escortçatalca escortsarıyer escortsancaktepe escortşirinevler escortkasımpaşa escortbayrampaşa escortşile escortfethiye escortdalaman escortmarmaris escortbodrum escortmilas escortkuşadası escortdidim escortalanya escortmanavgat escortizmit escortgebze escortçeşme escortalsancak escortkarşıyaka escortkonak escortbornova escortbuca escortkarabaglar escortgöztepe escortnarlıdere escortaliağa escorteryaman escortmamak escortsincan escortetimesgut escortulus escortkeçiören escortyenimahalle escortpolatlı escortaltındag escortAtaköy escortEsenyurt escortFlorya escortataköy escortbağcılar escort500 evler escortbahçelievler escortbeşiktaş escortavcılar escortbüyükçekmece escortesenyurt escortbeylikdüzü escortbornova escortçekmeköy escortdöşemealtı escortmuratpaşa escortsultanbeyli escortmelikgazi escortetimesgut escortkeşan escortkarabağlar escortseks hikayeleriadana escortbodrum escortadıyaman escortadıyaman escortcasinoPuffcasino maldivesGüvenilir Slot Sitelerigaziantep escortgaziantep escortvozol puffdoandırıcı daname bonuzuu zteamdeneme bonusu veren siteleradana escortankara escortantalya escortadıyaman escortafyon escortamasya escortartvin escortafyon escortbalıkesir escortbartın escortbatman escortbayburt escortbilecik escortbingöl escortbitlis escortbodrum escortbolu escortburdur escortbursa escortçanakkale escortçorum escortdenizli escortdiyarbakır escortdüzce escortedirne escortelazıg escortgebze escorterzincan escorterzurum escorteskişehir escortgaziantep escortgiresun escortgümüşhane escorthatay escortısparta escortizmir escortkahramanmaraş escortkarabük escortkaraman escortkastamonu escortkayseri escortkırşehir escortkocaeli escortkonya escortkütahya escortkuşadası escortmalatya escortmanisa escortmardin escortmersin escortmugla escortordu escortosmaniye escortrize escortsakarya escortsamsun escortşanlıurfa escortsivas escorttekirdağ escorttokat escorttrabzon escortuşak escortvan escortyalova escortyozgat escortzonguldak escortfethiye escortalanya escortmarmaris escortmanavgat escortnumberoneescorts.com betturkeybetturkey girişbetturkey girisBetturkey guncel girisbetmatikbetmatik girişbetmatik girisbetmatik güncel girişmatadorbetmatadorbet girişmatadorbet güncel girişmatadorbet girisadaxbet güncel girişBetgitBetgit girişBetgit güncel girişbetgitbetgit girisbetgit güncel girişSahttekar dolandırıcı danemabonuzu zteammm betgitsupertotobetsupertotobet girişbetgit güncel girişescortAntalya EscortSahabet güncel girişilbetdeneme bonusu veren siteler