Malware,News | 06/08/2018

Prowli Malware Attacks Servers, Routers and 40,000 Devices Worldwide



Prowli Malware strikes!
Impacts over 40,000 Modems, Servers, and IoT Devices.

Malware developers have built an enormous botnet of more than 40,000 infected web servers, modems, and other IoT devices, which they exploited for cryptocurrency mining and for redirecting users to malicious third-party websites.

Named Prowli and discovered by the GuardiCore security team, this botnet campaign is a unique operation that relies on vulnerability exploits and credential guessing to infect and take control of devices.


How does Prowli Malware spread?

The following categories of servers and devices have been infected by the Prowli malware in recent months:

  • WordPress sites (via brute-force attacks on the admin panel and several exploits)
  • Joomla! sites running the K2 extension (via CVE-2018-7482)
  • Various models of DSL modems
  • Servers running HP Data Protector (via CVE-2014-2623)
  • PhpMyAdmin installations, NFS boxes, Drupal, and servers with exposed SMB ports (all via brute-force credential guessing)

In addition, the malware group runs an SSH scanner module that tries to guess the usernames and passwords of devices that expose their SSH port on the Internet.
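A defender-side check for the SSH credential guessing described above, as an added example that is not part of the original article or the GuardiCore report: it scans OpenSSH auth-log lines for sources that fail against several usernames and flags any whose login is later accepted. The log lines, thresholds and the function name `find_guessing` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog format (documentation-range IPs).
SAMPLE_LOG = """\
Jun  8 03:12:01 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jun  8 03:12:03 gw sshd[2103]: Failed password for root from 203.0.113.7 port 40118 ssh2
Jun  8 03:12:05 gw sshd[2105]: Failed password for invalid user pi from 203.0.113.7 port 40125 ssh2
Jun  8 03:12:08 gw sshd[2107]: Failed password for invalid user ubnt from 203.0.113.7 port 40131 ssh2
Jun  8 03:12:11 gw sshd[2109]: Accepted password for root from 203.0.113.7 port 40140 ssh2
Jun  8 09:30:44 gw sshd[3310]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Jun  8 09:30:52 gw sshd[3310]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Jun  8 11:02:10 gw sshd[3544]: Failed password for invalid user test from 192.0.2.99 port 33810 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_guessing(log_text, min_failures=4, min_users=3):
    """Return {ip: verdict} for sources that look like credential guessing.

    A source qualifies once it has at least `min_failures` failed logins spread
    over at least `min_users` distinct usernames. If a login from that source
    is accepted after it qualified, the verdict becomes "compromised".
    """
    failures = defaultdict(int)
    users = defaultdict(set)
    verdicts = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users[ip].add(user)
            if failures[ip] >= min_failures and len(users[ip]) >= min_users:
                verdicts.setdefault(ip, "guessing")
        elif ip in verdicts:
            verdicts[ip] = "compromised"  # a guessed password was accepted
    return verdicts

if __name__ == "__main__":
    for ip, verdict in find_guessing(SAMPLE_LOG).items():
        print(ip, verdict)
```

A single mistyped password followed by a successful login, as with the constructed user `alice`, stays below both thresholds and is not reported.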


Cyber-criminals deploy crypto miner, backdoor, SSH scanner

Once servers or IoT devices have been compromised, the Prowli malware determines whether they can be used for heavy cryptocurrency mining operations.

Those that can are infected with a crypto miner and the r2r2 worm, a malware strain that performs SSH brute-force attacks from the hacked devices and helps the Prowli botnet expand to new victims.

CMS platforms used to run websites get special treatment, since they are also infected with a backdoor (the WSO Web Shell).

The cyber-criminals used this web shell to modify the compromised sites so that they host malicious code, which redirects some of the site's visitors to a traffic distribution system (TDS). The TDS then rents the hijacked web traffic to other cyber-criminals, redirecting users to malicious third-party websites such as fake update sites, tech support scams, and more.

According to GuardiCore, the TDS the criminals worked with was EITest, also known as ROI777. That service was taken down by cyber-security firms in April, after ROI777 was hacked in March and some of its data was dumped online. This does not appear to have stopped Prowli, which continued to operate.


A revenue generating machine

The overall picture, according to the researchers, is that the whole Prowli campaign was purposely designed and optimized to maximize profit for its developers.

Over its lifetime, the Prowli malware impacted more than 40,000 servers and devices located on the networks of more than 9,000 organizations.

Prowli operated indiscriminately, claiming victims all over the world regardless of the underlying platform.

The GuardiCore report on the Prowli group contains indicators of compromise and other details that system administrators can utilize to determine if their IT network has been compromised by this threat.



Tips to Prevent Viruses and Malware from Infecting Your System:
  1. Enable your popup blocker: Pop-ups and ads on websites are the tactic most often adopted by cybercriminals or developers whose core intention is to spread malicious programs. So avoid clicking on untrustworthy sites, software offers, pop-ups, etc., and install a powerful ad blocker for Chrome, Mozilla, and IE.
  2. Keep your Windows updated: To avoid such infections, we recommend that you always keep your system updated through automatic Windows Update. By doing this you can keep your device free from viruses. According to the survey, outdated or older versions of the Windows operating system are an easy target.
  3. Third-party installation: Try to avoid freeware download websites, as they usually bundle additional software with any installer or stub file.
  4. Regular backup: Regular, periodic backups help keep your data safe in case the system is infected by a virus or any other infection. Always back up important files regularly to a cloud drive or an external hard drive.
  5. Always have an anti-virus: Precaution is better than cure. We recommend that you install an antivirus like ITL Total Security or a good malware removal tool.
