Raspberry Pi Malware uses IRC Remote Access Trojan (RAT)

Published 2023-05-26

All Comments (21)
  • @ShayBlez
    I love how this script taught me how IRC client server actually talk to one another XD
  • @irobot-kh9db
    I'm pretty sure when Elliot connected the Pi to the Steel canyon thermostat, I think it was also a Raspberry Pi Malware uses IRC Remote Access Trojan (RAT).
  • I am not an expert in the field of cyber security, but I intend to learn, and every time I lose passion in learning and watch your videos, I just go back and continue again. Thank you for everything 😊😉 I feel that you are my guide in this field 😌
  • @ivanmaglica264
    IRC as a command&control is not unheard of. Used to be common back in the early 2000s when the first botnets came into existence.
    Question: who port-forwards ssh to raspberry pi with default user/pass to internet? Like putting keys into a car with windows open...
  • @Bitsniper
    Your explanations help me get better in Linux and malware analyses. Your videos are great value!
  • @OverNine9ousend
    What is this Overflow thumbnail :D Also Pi with IRC RAT, let's go baby. Nice find
  • @user-tc8xp2so9l
    Great video as always, John.
    Just wanted to say that I've noticed that very same malware being dropped in my SSH honeypot a couple of times some months ago, but I've got 3 different samples of it if I remember correctly.
    IDK if I should send you those samples because they're almost the same IRC worm written in plain bash... And I find them funny as hell.

    Sorry for any typos, I'm not a native English speaker.
  • @SnakerDLK
    Would have been great to validate the credentials in the hash and then join those channels to see how many infected machines are connected.
  • @mikehensley78
    Looks like an RX Bot my brother used to play with back in the day... it comes to an IRC channel and you command it with commands beginning with a special character. I used to love IRC. :)
  • @OppieT30
    I got hacked once when I had my Linux box on the net, they installed an IRC bot in my home directory. I looked at what it did and logged into the channel they were using. And saw everything. Pretty interesting.
  • @Veisemer
    It's like your Pi becomes a zombie and these zombies will keep scanning for other vuln Pis in the wild and infect them.
  • Haha we boomers used to run IRC with Telnet, so I recognize those responses immediately!
  • @dguerri
    Now I feel very old. IRC as C2 was the default back in my days 😂
  • @nathanwolf7858
    Ok I'll date myself a little bit here but this is not new. Sub7 server was using IRC for c2 like 25+ years ago.....lol
  • @6pfk
    Picked up a lot of background bash info, thanks.
  • @GandhiTheDerg
    The thing that doesn't make sense is, it changing the password.
    This would make the user take the Pi offline and reflash it, killing the RAT, in most cases
  • @Lampe2020
    5:20 If you want to pronounce "Deutschland" as a German would pronounce it ("Deutschland" is German for "Germany"), think of it as if it was written "Doytshlund" and pronounce that the English way.
  • @user-zd7oo3vf5c
    Could you please create some video about "Black Cat/AlphV ransomware" and how their tools work? Looks like a lot of big companies were hit recently
  • @dbdcheese
    Bro copied liveoverflow's thumbnail as revenge for the mockery in his last video 💀