Cryptojacking botnet Prometei was recently found to attack users and steal data from them.
The botnet can spread in multiple ways, such as using the Windows Server Message Block protocol (SMB) exploits, stolen credentials, WMI, and PsExec. It contains a payload added specifically to mine for Monero cryptocurrency, while it can also take data from the victim’s device.
Prometei mainly targets the SMB protocol to spread through the networks and systems. The botnet uses brute-force attack on the targeted system to steal credentials and sensitive data. The stolen passwords are shared to a CnC server by the botnet in order to verify the stolen data.
The botnet also mines for Monero cryptominer and uses various other tools to increase the number of systems participating in cryptomining attack. Prometei also uses 15 executable modules for obtaining the administrator password from the targeted computer.
When the malware manages to obtain access to the infected machine’s administrative rights, it starts stealing all the data stored on the device. The botnet can contain as many as 10,000 systems simultaneously and can steal from all of them.
NPAV recommends users to keep your cyber security measures updated and your guard up. Install NPAV in your devices to protect your system and networks from these attacks. NPAV offers best in class defence against all kinds of cyber attacks.
Use NPAV and join us on a mission to secure the cyber world.