FortiGuard Labs has found new samples from the RapperBot campaign, which has been active since January 2023. RapperBot is a malware family that mainly targets IoT devices and has been seen in the wild since June 2022. FortiGuard Labs reported on its earlier campaigns in August 2022 and December 2022. Those campaigns centred on expanding the botnet’s reach by brute-forcing devices with weak or pre-configured SSH or Telnet credentials, in order to perform Distributed Denial of Service attacks.
In this campaign, the threat actors have begun cryptojacking, primarily targeting Intel x64 devices. Initially, they deployed and ran a separate Monero cryptominer alongside the standard RapperBot malware. However, as of late January 2023, they consolidated both functions into one bot.