Prowli Malware Infected More Than 40,000 Devices and Used Them for Cryptocurrency Mining
On June 6 the GuardiCore security team disclosed a large-scale campaign in which attackers took over other people's hardware and used it to mine cryptocurrency. Around 40,000 machines were compromised, belonging to organizations in finance, education, the government sector and other industries.
Combining exploits against vulnerable software with brute-forced and weak passwords, the campaign, which GuardiCore named Operation Prowli, spread its malware across a wide range of devices, including servers, modems and Internet of Things (IoT) devices. According to GuardiCore, the aim was simply to gain control of as much hardware as possible and put it to work mining cryptocurrency.
The compromised devices mined Monero (XMR). Initial access came through a worm named r2r2, which not only breaks into a machine by guessing its credentials but then uses that foothold to attack further devices. GuardiCore reported that:
“The attacks all behaved in the same fashion, communicating with the same C&C server to download a number of attack tools named r2r2 along with a cryptocurrency miner.”
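The detection angle, as an added example that is not part of the original article or of GuardiCore's report: r2r2 gained its footholds by guessing passwords, so the clearest host-side trace is a burst of failed logins from one source followed by a success. The Python below assumes the guessing arrives over SSH and shows up in sshd's syslog lines (an assumption for the example; the article does not name the protocol), parses a few constructed auth.log lines, and flags any source IP that produces `threshold` failed password attempts within `window_s` seconds, noting when an accepted password login follows the burst. The log lines, hostname and addresses are constructed, and the function and parameter names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd log lines for the example (not real data from the incident).
SAMPLE_AUTH_LOG = """\
Jun  6 03:14:01 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jun  6 03:14:03 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51236 ssh2
Jun  6 03:14:05 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jun  6 03:14:06 web01 sshd[2214]: Failed password for invalid user pi from 203.0.113.7 port 51242 ssh2
Jun  6 03:14:09 web01 sshd[2215]: Failed password for root from 203.0.113.7 port 51250 ssh2
Jun  6 03:14:11 web01 sshd[2216]: Accepted password for root from 203.0.113.7 port 51252 ssh2
Jun  6 03:20:44 web01 sshd[2300]: Failed password for alice from 198.51.100.12 port 40022 ssh2
Jun  6 03:20:50 web01 sshd[2301]: Accepted publickey for alice from 198.51.100.12 port 40023 ssh2
"""

# Matches the common OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_auth_log(text, year=2018):
    """Return (timestamp, ip, user, accepted, method) tuples; syslog omits the year, so it is supplied."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other sshd messages (disconnects, key exchange) are ignored
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"], m["result"] == "Accepted", m["method"]))
    return events


def detect_brute_force(events, threshold=5, window_s=60):
    """Flag source IPs with >= threshold failed password logins inside window_s seconds.

    For each flagged IP, also record the first accepted password login that
    arrives while the failure burst is still inside the window: that is the
    moment a credential-guessing worm like r2r2 would drop its tools.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        failures = []        # timestamps of failed password attempts from this IP
        usernames = set()    # accounts tried, useful for spotting default-credential lists
        flagged = False
        success_after_burst = None
        for ts, _ip, user, accepted, method in evs:
            if method != "password":
                continue     # key-based logins are not what a password-guessing worm produces
            recent = [t for t in failures if (ts - t).total_seconds() <= window_s]
            if accepted:
                if len(recent) >= threshold and success_after_burst is None:
                    success_after_burst = (user, ts)
            else:
                failures.append(ts)
                usernames.add(user)
                if len(recent) + 1 >= threshold:
                    flagged = True
        if flagged:
            findings[ip] = {
                "failed_attempts": len(failures),
                "usernames": sorted(usernames),
                "success_after_burst": success_after_burst,
            }
    return findings


if __name__ == "__main__":
    for ip, info in detect_brute_force(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(ip, info)
```

On the sample input only 203.0.113.7 is reported: five password failures across three account names in eight seconds, then a successful password login for root, which is exactly the sequence to escalate on. The single failure from 198.51.100.12 followed by a key-based login stays below the threshold and is left alone.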
The attackers also deployed the open-source WSO web shell, which let them plant malicious files on compromised websites. Once such a file was in place it redirected visitors to a traffic distribution site and from there on to other malicious sites, so the operation earned money from hijacked web traffic as well as from mining. In total, more than 9,000 companies were affected.
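For the web-shell side, an added example that is not from the article, from GuardiCore or from the WSO project: a small scanner that walks a site's PHP files and flags the two things described above, an uploaded shell (eval of a decoded payload, shell commands built from request parameters) and an injected redirect that sends visitors to an external host, especially one that first checks the User-Agent or Referer so that crawlers and the site owner never see it. The three PHP snippets, the hostnames, and the indicator list are constructed for the example; the patterns are generic indicators, not signatures extracted from WSO, and `site_hosts` is this example's own parameter for the hosts a site legitimately redirects to.

```python
import os
import re
from urllib.parse import urlparse

# Generic indicators of an uploaded shell or an injected redirect; constructed for this
# example, not signatures taken from WSO or from GuardiCore's report.
SUSPICIOUS_PATTERNS = [
    ("eval_of_decoded_payload",
     re.compile(r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    ("shell_exec_of_request_input",
     re.compile(r"\b(?:system|exec|passthru|shell_exec|popen|proc_open)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I)),
    ("file_write_from_request",
     re.compile(r"\b(?:file_put_contents|fwrite|move_uploaded_file)\s*\([^;]*\$_(?:GET|POST|REQUEST|FILES)\b", re.I)),
]
REDIRECT_RE = re.compile(r"\bheader\s*\(\s*['\"]Location:\s*(?P<url>https?://[^'\"\s]+)", re.I)
CLOAK_RE = re.compile(r"\$_SERVER\s*\[\s*['\"](?:HTTP_USER_AGENT|HTTP_REFERER)['\"]\s*\]", re.I)


def scan_php(source, site_hosts):
    """Return the list of indicators found in one PHP source text.

    site_hosts is the set of hostnames the site legitimately redirects to; a
    Location header pointing anywhere else is reported, and if the same file
    also inspects the User-Agent or Referer the redirect is likely cloaked so
    that crawlers and the site owner never see it.
    """
    reasons = [name for name, rx in SUSPICIOUS_PATTERNS if rx.search(source)]
    for m in REDIRECT_RE.finditer(source):
        host = urlparse(m["url"]).hostname or ""
        if host not in site_hosts:
            reasons.append(f"redirect_to_external:{host}")
    if CLOAK_RE.search(source) and any(r.startswith("redirect_to_external") for r in reasons):
        reasons.append("conditional_redirect_on_ua_or_referer")
    return reasons


def scan_directory(root, site_hosts):
    """Walk a document root and map each suspicious .php file to its indicators."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                reasons = scan_php(fh.read(), site_hosts)
            if reasons:
                hits[os.path.relpath(path, root)] = reasons
    return hits


# Constructed PHP snippets standing in for files found on a site.
BENIGN_PHP = """<?php
session_start();
if (isset($_POST['user'])) {
    $_SESSION['user'] = $_POST['user'];
    header("Location: https://www.example.com/account");
    exit;
}
"""

INJECTED_REDIRECT_PHP = """<?php
if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') === false && isset($_SERVER['HTTP_REFERER'])) {
    header("Location: http://traffic-example.invalid/go.php?id=1");
    exit;
}
"""

SHELL_PHP = """<?php
if (isset($_GET['cmd'])) { system($_GET['cmd']); }
eval(base64_decode($_POST['payload']));
"""

if __name__ == "__main__":
    site = {"www.example.com"}
    for label, src in [("benign", BENIGN_PHP), ("redirect", INJECTED_REDIRECT_PHP), ("shell", SHELL_PHP)]:
        print(label, scan_php(src, site))
```

The benign login handler redirects only to the site's own host and yields nothing; the injected snippet is reported both for the external redirect and for gating it on the User-Agent and Referer; the shell snippet trips the eval and command-execution indicators. Run `scan_directory("/var/www/html", {"www.example.com"})` against a real document root to get a path-to-indicators map, and treat any hit in an upload or cache directory with particular suspicion, since that is where a web shell is usually dropped.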