
New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide


Mar 10, 2023 | Ravie Lakshmanan | Endpoint Security / Hacking

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022.

The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey.

Prometei, first observed in 2016, is a modular botnet that features a large repertoire of components and several proliferation methods, some of which also include the exploitation of ProxyLogon Microsoft Exchange Server flaws.

It is also notable for avoiding striking Russia, suggesting that the threat actors behind the operation are likely based in the country.

The cross-platform botnet's motivations are financial, primarily leveraging its pool of infected hosts to mine cryptocurrency and harvest credentials.

The latest variant of Prometei (called v3) improves upon its existing features to challenge forensic analysis and further burrow its access on victim machines, Cisco Talos said in a report shared with The Hacker News.

Prometei Botnet

The attack sequence proceeds thus: Upon gaining a successful foothold, a PowerShell command is executed to download the botnet payload from a remote server. Prometei's main module is then used to retrieve the actual crypto-mining payload and other auxiliary components on the system.

Some of these support modules function as spreader programs designed to propagate the malware through Remote Desktop Protocol (RDP), Secure Shell (SSH), and Server Message Block (SMB).


Prometei v3 is also noteworthy for using a domain generation algorithm (DGA) to build out its command-and-control (C2) infrastructure. It further packs in a self-update mechanism and an expanded set of commands to harvest sensitive data and commandeer the host.

Last but not least, the malware deploys an Apache web server that is bundled with a PHP-based web shell, which is capable of executing Base64-encoded commands and carrying out file uploads.

"This latest addition of new capabilities [indicates] that the Prometei operators are continuously updating the botnet and adding functionality," Talos researchers Andrew Windsor and Vanja Svajcer said.
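A defender-side check for the web-shell traits just described, written here as an added example (not code from the Talos report or from Prometei itself): it scans PHP source for request-sourced input feeding a command-execution sink, and treats Base64 decoding and upload handling as confidence boosters rather than indicators on their own, so a legitimate upload handler is not flagged. The two PHP fixtures are constructed for the example.

```python
import re

# Indicator groups drawn from the behaviour described above: a web shell
# takes input from the HTTP request, Base64-decodes it, hands it to a
# command-execution sink, and may also accept file uploads.
REQUEST_INPUT = re.compile(r'\$_(?:POST|GET|REQUEST|COOKIE)\s*\[')
DECODER = re.compile(r'\bbase64_decode\s*\(')
EXEC_SINK = re.compile(r'\b(?:eval|system|shell_exec|exec|passthru|popen|proc_open)\s*\(')
UPLOAD = re.compile(r'\bmove_uploaded_file\s*\(|\$_FILES\s*\[')

def score_php_source(src: str) -> dict:
    """Return per-indicator hits, a numeric score and a verdict for one PHP source text."""
    hits = {
        "request_input": bool(REQUEST_INPUT.search(src)),
        "base64_decode": bool(DECODER.search(src)),
        "exec_sink": bool(EXEC_SINK.search(src)),
        "upload": bool(UPLOAD.search(src)),
    }
    # An exec sink reachable from request input is the core web-shell pattern;
    # decoding and upload handling only raise confidence once that pattern is present.
    score = 0
    if hits["request_input"] and hits["exec_sink"]:
        score += 2
        score += int(hits["base64_decode"]) + int(hits["upload"])
    hits["score"] = score
    hits["verdict"] = "suspicious" if score >= 2 else "clean"
    return hits

# Constructed fixtures (not from the report): a benign avatar upload handler,
# and a fragment exhibiting the traits the report attributes to the Prometei shell.
BENIGN_UPLOADER = '''<?php
if (isset($_FILES["avatar"])) {
    move_uploaded_file($_FILES["avatar"]["tmp_name"], "/var/www/avatars/" . basename($_FILES["avatar"]["name"]));
}
'''
SUSPICIOUS_FRAGMENT = '''<?php
$c = base64_decode($_POST["c"]);
echo shell_exec($c);
if (isset($_FILES["f"])) { move_uploaded_file($_FILES["f"]["tmp_name"], $_POST["d"]); }
'''

def scan(files: dict) -> dict:
    """Score a mapping of file name -> PHP source; returns name -> result dict."""
    return {name: score_php_source(src) for name, src in files.items()}

if __name__ == "__main__":
    for name, result in scan({"upload.php": BENIGN_UPLOADER, "x.php": SUSPICIOUS_FRAGMENT}).items():
        print(name, result["verdict"], result["score"])
```

In practice this runs over the web root of a host suspected of carrying the bundled Apache server; hits still need manual review, since obfuscated shells can avoid these literal patterns.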
