Raspberry Pi Malware uses IRC Remote Access Trojan (RAT)


I love how this script taught me how an IRC client and server actually talk to one another XD

ShayBlez

I'm pretty sure when Elliot connected the Pi to the Steel canyon thermostat I think it was also a Raspberry Pi Malware uses IRC Remote Access Trojan (RAT).

irobot-khdb

I am not an expert in the field of cyber security, but I intend to learn, and every time I lose passion in learning and watch your videos, I just go back and continue again. Thank you for everything😊😉 I feel that you are my guide in this field😌

mohamedabd_elkhalk

IRC as a command & control is not unheard of. Used to be common back in the early 2000s when the first botnets came into existence.
Question: who port-forwards ssh to raspberry pi with default user/pass to internet? Like putting keys into a car with windows open...

ivanmaglica

Your explanations help me get better in Linux and malware analyses. Your videos are great value!

Bitsniper

What is this Overflow thumbnail :D Also Pi with IRC RAT, let's go baby. Nice find

OverNineousend

Ok I'll date myself a little bit here but this is not new. Sub7 server was using IRC for c2 like 25+ years

nathanwolf

Haha we boomers used to run IRC with Telnet, so I recognize those responses immediately!

PwnySlaystation

Looks like an RX Bot my brother used to play with back in the day... it comes to an IRC channel and you command it with commands beginning with a special character. I used to love IRC. :)

mikehensley

Would have been great to validate the credentials in the hash and then join those channels to see how many infected machines are connected.

SnakerDLK

I got hacked once when I had my Linux box on the net, they installed an IRC bot in my home directory. I looked at what it did and logged into the channel they were using. And saw everything. Pretty interesting.

OppieT

Now I feel very old. IRC as C2 was the default back in my days 😂

dguerri

Great video! Running down the code was pretty interesting

JosephHenryDrawing

5:20 If you want to pronounce "Deutschland" as a German would pronounce it ("Deutschland" is German for "Germany"), think of it as if it was written "Doytshlund" and pronounce that the English way.

Lampe

Nobody hacked you if you exposed a service on the web with default credentials. You hacked yourself.

TurboWindex

Great video as always, John.
Just wanted to say that I've noticed that very same malware being dropped in my SSH honeypot a couple of times some months ago, but I've got 3 different samples of it if I remember correctly.
IDK if I should send you those samples because they're almost the same IRC worm written in plain bash... And I find them funny as hell.

Sorry for any typos, I'm not a native English speaker.

x窓付

Could you please create some video about "Black Cat/AlphV ransomware" and how their tools work? Looks like a lot of big companies were hit recently

zdoovfc

Bro copied LiveOverflow's thumbnail as revenge for the mockery in his last video 💀

dbdcheese

I thought you were older, John. 🤣
Not recognizing an IRC server, network and the default IRC port 6667... You know so much, but just this one time, I instantly knew something you didn't, even way before the connect message when you nc'ed the hostnames. 😁

IRC is likely one of the oldest ways to control zombies / bots.
I remember hearing about this almost 25 years ago, and even then it wasn't new.

alcaeo

Did you report this to the IRC provider? It would be fun to break their botnet.... :D

jagdtigger