Operation Prowli is a large new botnet, built by a group of cyber criminals, that has infected more than 40,000 modems, servers and IoT devices. The attackers use the compromised devices to mine cryptocurrency and to redirect users to phishing or malicious web portals. A well-known cyber security team discovered the Prowli malware and reported that the botnet relies mainly on known vulnerabilities and brute-force attacks to compromise devices and take them over for illicit purposes.
According to the research report published by the malware analysts, Prowli targets a range of servers and devices. WordPress sites are attacked by brute-forcing the admin panel and through various exploits. Joomla servers running the K2 extension are compromised through an exploit for CVE-2018-7482. Prowli can also infect several models of DSL modems through a known vulnerability, and servers running HP Data Protector through an exploit for CVE-2014-2623.
Other servers and devices, such as Drupal installations, NFS boxes, phpMyAdmin installations and servers with exposed SMB ports, are compromised through brute-forced credentials. The group operating the malware also uses an SSH scanner module, with which Prowli attempts to guess usernames and passwords on systems that expose their SSH port to the Internet. The main objective of the infection is to compromise as many servers and IoT devices as possible in order to run heavy cryptocurrency mining operations on them.
Furthermore, infected machines receive a Monero miner and the r2r2 worm, which performs SSH brute-force attacks from the affected systems to help Prowli spread and infect as many users as possible. Popular platforms such as the CMSs used to run websites receive special treatment: they are infected with a malicious backdoor web shell named WSO. The attackers use this web shell to alter the infected sites and host harmful code that redirects visitors to phishing portals.
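The two credential brute-force vectors described above (the SSH password guessing by the scanner module and the r2r2 worm, and the WordPress admin-panel attacks) both leave a distinctive footprint in ordinary host logs. The following added example, not code from the original article or from the researchers, shows a defender-side detection over constructed sshd and web-server log lines; the log formats are the standard OpenSSH and common-log-format layouts, and the source addresses are documentation ranges, not indicators from the campaign.

```python
import re
from collections import defaultdict

# Failed SSH password attempts, as logged by OpenSSH sshd (user and source IP).
SSH_FAIL = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\d+(?:\.\d+){3})"
)
# POSTs to the WordPress login endpoint in a common-log-format web access log.
WP_LOGIN = re.compile(r'^(?P<src>\d+(?:\.\d+){3}) .*"POST /wp-login\.php[^"]*"')

# Constructed sample logs (not from a real incident): one noisy source per log
# plus benign traffic that must not be flagged.
SSHD_LOG = """\
Jun  5 10:12:01 host sshd[2211]: Failed password for root from 198.51.100.23 port 51022 ssh2
Jun  5 10:12:03 host sshd[2213]: Failed password for admin from 198.51.100.23 port 51030 ssh2
Jun  5 10:12:05 host sshd[2215]: Failed password for invalid user pi from 198.51.100.23 port 51041 ssh2
Jun  5 10:12:06 host sshd[2217]: Failed password for invalid user test from 198.51.100.23 port 51049 ssh2
Jun  5 10:12:08 host sshd[2219]: Failed password for invalid user oracle from 198.51.100.23 port 51055 ssh2
Jun  5 10:30:00 host sshd[2301]: Failed password for alice from 203.0.113.7 port 40010 ssh2
Jun  5 10:30:20 host sshd[2303]: Accepted publickey for alice from 203.0.113.7 port 40012 ssh2
"""
ACCESS_LOG = """\
192.0.2.44 - - [05/Jun/2018:10:40:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3411
192.0.2.44 - - [05/Jun/2018:10:40:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3411
192.0.2.44 - - [05/Jun/2018:10:40:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3411
192.0.2.44 - - [05/Jun/2018:10:40:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3411
192.0.2.44 - - [05/Jun/2018:10:40:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [05/Jun/2018:10:41:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3411
203.0.113.7 - - [05/Jun/2018:10:41:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

def brute_force_sources(lines, pattern, threshold=5):
    """Return {source_ip: sorted usernames tried} for every source whose number
    of matching attempts reaches the threshold (usernames are empty for web logs)."""
    attempts = defaultdict(list)
    for line in lines:
        m = pattern.search(line)
        if m:
            attempts[m["src"]].append(m.groupdict().get("user"))
    return {src: sorted({u for u in tried if u})
            for src, tried in attempts.items() if len(tried) >= threshold}

def detect(threshold=5):
    """Run both detections over the sample logs and return their findings."""
    return {
        "ssh": brute_force_sources(SSHD_LOG.splitlines(), SSH_FAIL, threshold),
        "wp_login": brute_force_sources(ACCESS_LOG.splitlines(), WP_LOGIN, threshold),
    }
```

On real hosts the threshold should be applied per time window rather than over the whole file, and the list of usernames tried by a flagged source is itself useful evidence, since a spray of generic accounts is the signature of automated guessing rather than a forgetful user.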
According to the security researchers, Prowli is designed to extract maximum profit at the expense of the users of the infected systems. At the time of writing, the malware has infected more than 40,000 devices and servers on the networks of almost 9,000 companies, and these compromised servers and devices are used to earn money for the botnet's operators. The threat can infect users all around the world, so the researchers strongly advise taking preemptive measures against the vectors described above, namely weak credentials on exposed services and unpatched known vulnerabilities, to avoid being attacked by Prowli or similar threats.