According to Sysdig's report, RUBYCARP gains initial access by exploiting known vulnerabilities and by brute-forcing credentials. The group has 39 variants of its Perl-based malware in its arsenal, along with a comprehensive set of attack tools.
The RUBYCARP botnet consists of three clusters: Juice, Cartier and Aridan, each used for different purposes.
Infected devices can be used for DDoS attacks, phishing, financial information theft, cryptocurrency mining and other malicious activities.
In its latest campaign, RUBYCARP exploited CVE-2021-3129, a remote code execution flaw in the Ignition debug component shipped with Laravel, and also brute-forced SSH servers and WordPress sites. The group also sent phishing emails impersonating well-known European companies such as Swiss Bank, Nets Bank and Bring Logistics.
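The three initial-access techniques named above (SSH password brute force, WordPress login brute force and CVE-2021-3129 requests against Laravel's Ignition endpoints) all leave recognisable traces in ordinary host and web-server logs. The following detection script is an added example written for this article; it is not code from Sysdig's report or from the RUBYCARP toolset. It assumes OpenSSH messages in syslog layout and Apache/nginx combined-format access lines, a 60-second window with a threshold of four failures, and the year 2024 for syslog timestamps; the log lines it runs over are constructed samples, not real captures.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log formats: OpenSSH "Failed password" messages in syslog layout and
# Apache/nginx combined-format access lines. Adjust the regexes for anything else.
SSH_FAIL = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)
ACCESS = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r"(?P<status>\d{3}) "
)
IGNITION_RCE = "/_ignition/execute-solution"  # endpoint abused by CVE-2021-3129
IGNITION_PROBE = "/_ignition/health-check"    # cheap way to fingerprint Ignition
WP_LOGIN_PATHS = {"/wp-login.php", "/xmlrpc.php"}


def max_burst(times, window):
    """Largest number of timestamps that fall inside any interval of length `window`."""
    times = sorted(times)
    best = start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def ssh_bruteforce_sources(lines, threshold=4, window=timedelta(seconds=60), year=2024):
    """Source IP -> {"failures", "users"} for IPs whose failed-password burst reaches
    `threshold` inside `window`. Slow, spread-out failures are deliberately not flagged."""
    times, users = defaultdict(list), defaultdict(set)
    for line in lines:
        m = SSH_FAIL.match(line)
        if not m:
            continue
        # syslog omits the year; the caller supplies it (an assumption for the sample data)
        times[m["ip"]].append(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
        users[m["ip"]].add(m["user"])
    hits = {}
    for ip, ts in times.items():
        burst = max_burst(ts, window)
        if burst >= threshold:
            hits[ip] = {"failures": burst, "users": sorted(users[ip])}
    return hits


def wp_bruteforce_sources(lines, threshold=4, window=timedelta(seconds=60)):
    """Source IP -> burst size for IPs POSTing to WordPress login endpoints
    `threshold` times within `window` (GETs of the login page are normal traffic)."""
    times = defaultdict(list)
    for line in lines:
        m = ACCESS.match(line)
        if m and m["method"] == "POST" and m["path"].split("?", 1)[0] in WP_LOGIN_PATHS:
            times[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    hits = {}
    for ip, ts in times.items():
        burst = max_burst(ts, window)
        if burst >= threshold:
            hits[ip] = burst
    return hits


def ignition_requests(lines):
    """Flag Ignition fingerprinting and CVE-2021-3129 exploitation attempts.
    A 200 on the POST means the endpoint handled the request instead of 404ing,
    so the host should be checked for APP_DEBUG=true and patched Ignition."""
    findings = []
    for line in lines:
        m = ACCESS.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        status = int(m["status"])
        if m["method"] == "POST" and path == IGNITION_RCE:
            findings.append({"ip": m["ip"], "path": path, "status": status,
                             "severity": "high" if status == 200 else "medium"})
        elif path == IGNITION_PROBE:
            findings.append({"ip": m["ip"], "path": path, "status": status, "severity": "low"})
    return findings


# Constructed sample data (not real captures): a credential-spray burst from
# 203.0.113.7, one typo by a legitimate user, and slow failures from 192.0.2.5.
AUTH_LOG_LINES = [
    "Apr 10 12:00:01 web1 sshd[2001]: Failed password for root from 203.0.113.7 port 50210 ssh2",
    "Apr 10 12:00:02 web1 sshd[2003]: Failed password for invalid user admin from 203.0.113.7 port 50211 ssh2",
    "Apr 10 12:00:04 web1 sshd[2005]: Failed password for invalid user test from 203.0.113.7 port 50212 ssh2",
    "Apr 10 12:00:05 web1 sshd[2007]: Failed password for invalid user oracle from 203.0.113.7 port 50213 ssh2",
    "Apr 10 12:00:07 web1 sshd[2009]: Failed password for root from 203.0.113.7 port 50214 ssh2",
    "Apr 10 12:03:15 web1 sshd[2020]: Failed password for alice from 198.51.100.9 port 41002 ssh2",
    "Apr 10 12:03:20 web1 sshd[2020]: Accepted publickey for alice from 198.51.100.9 port 41002 ssh2: ED25519 SHA256:abc",
    "Apr 10 12:10:00 web1 sshd[2030]: Failed password for root from 192.0.2.5 port 60001 ssh2",
    "Apr 10 12:10:30 web1 sshd[2031]: Failed password for root from 192.0.2.5 port 60002 ssh2",
    "Apr 10 12:11:00 web1 sshd[2032]: Failed password for root from 192.0.2.5 port 60003 ssh2",
    "Apr 10 12:11:30 web1 sshd[2033]: Failed password for root from 192.0.2.5 port 60004 ssh2",
]
ACCESS_LOG_LINES = [
    '203.0.113.7 - - [10/Apr/2024:12:05:00 +0000] "GET /_ignition/health-check HTTP/1.1" 200 28 "-" "python-requests/2.31"',
    '203.0.113.7 - - [10/Apr/2024:12:05:01 +0000] "POST /_ignition/execute-solution HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '198.51.100.9 - - [10/Apr/2024:12:05:30 +0000] "GET /wp-login.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Apr/2024:12:06:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2048 "-" "python-requests/2.31"',
    '203.0.113.7 - - [10/Apr/2024:12:06:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2048 "-" "python-requests/2.31"',
    '203.0.113.7 - - [10/Apr/2024:12:06:06 +0000] "POST /wp-login.php HTTP/1.1" 200 2048 "-" "python-requests/2.31"',
    '203.0.113.7 - - [10/Apr/2024:12:06:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 2048 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    print(ssh_bruteforce_sources(AUTH_LOG_LINES))
    print(wp_bruteforce_sources(ACCESS_LOG_LINES))
    for finding in ignition_requests(ACCESS_LOG_LINES):
        print(finding)
```

The sliding window in `max_burst` is what separates a spray from ordinary noise: 192.0.2.5 fails four times but never more than three within any minute, so it is not reported, while the same count compressed into a few seconds from 203.0.113.7 is. The Ignition check treats the `health-check` GET as low severity because it is only reconnaissance, and escalates a `POST /_ignition/execute-solution` that returns 200, since that is the request shape the CVE-2021-3129 exploit uses.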
Although RUBYCARP is not the largest botnet operator, its ability to remain undetected for roughly 10 years shows a high level of operational discipline.
Source: Ferra
