Prometei Botnet

Posted: July 23, 2020

Botnets have become a very profitable venture for cybercriminals because they let the operators use the hardware resources of the infected systems. In the past, botnets were almost always dedicated to executing Distributed Denial-of-Service (DDoS) attacks or handling mass email spam campaigns; modern botnet projects, however, use a more sophisticated and stealthy approach. Instead of executing noisy attacks that attract a lot of attention, projects like the Prometei Botnet plant a trojanized cryptocurrency miner on the infected machines and then use their hardware to mine various cryptocurrencies, such as the popular Monero (XMR).

The Prometei Botnet was discovered only recently, but malware researchers suspect that this campaign has been executed for at least a few months. The operators of this botnet are likely to be experienced and skillful since they have managed to use the infamous EternalBlue exploit to increase their botnet's reach drastically. In short, the EternalBlue exploit takes advantage of a vulnerability in Windows' Server Message Block (SMB) service and allows malware to spread throughout a network laterally. The revenue that the Prometei Botnet generates via Monero mining increases as long as the size of the botnet continues to grow.
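The worm-like SMB spreading described above has a recognizable network signature: one internal host opening TCP/445 connections to many other internal hosts in a short window, something a normal workstation rarely does. The script below is an added illustration of that detection logic, not code from the original post or from any Prometei analysis. It runs over a few constructed firewall-style connection records (the log format, the addresses, the five-host threshold and the five-minute window are all assumptions made for the example) and reports any source address whose SMB fan-out crosses the threshold.

```python
"""Flag hosts that fan out SMB (TCP/445) connections to many peers quickly.

Added example for detecting worm-like lateral movement; the log format and
sample data below are constructed for this demonstration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in an assumed "key=value" firewall log format.
# 10.0.0.5 sweeps eight peers on port 445 within seconds (suspicious);
# 10.0.0.20 talks repeatedly to one file server (normal);
# 10.0.0.30 touches three peers over an hour (normal).
SAMPLE_LOG = """\
2020-07-23T10:00:01 src=10.0.0.20 dst=10.0.0.2 dport=445 action=allow
2020-07-23T10:00:05 src=10.0.0.5 dst=10.0.0.10 dport=445 action=allow
2020-07-23T10:00:06 src=10.0.0.5 dst=10.0.0.11 dport=445 action=allow
2020-07-23T10:00:07 src=10.0.0.5 dst=10.0.0.12 dport=445 action=deny
2020-07-23T10:00:08 src=10.0.0.5 dst=10.0.0.13 dport=445 action=allow
2020-07-23T10:00:09 src=10.0.0.5 dst=10.0.0.14 dport=445 action=allow
2020-07-23T10:00:10 src=10.0.0.5 dst=10.0.0.15 dport=445 action=deny
2020-07-23T10:00:11 src=10.0.0.5 dst=10.0.0.16 dport=445 action=allow
2020-07-23T10:00:12 src=10.0.0.5 dst=10.0.0.17 dport=445 action=allow
2020-07-23T10:00:30 src=10.0.0.20 dst=10.0.0.2 dport=445 action=allow
2020-07-23T10:01:00 src=10.0.0.20 dst=10.0.0.2 dport=445 action=allow
2020-07-23T10:01:15 src=10.0.0.30 dst=10.0.0.2 dport=445 action=allow
2020-07-23T10:20:00 src=10.0.0.30 dst=10.0.0.3 dport=445 action=allow
2020-07-23T10:45:00 src=10.0.0.30 dst=10.0.0.4 dport=445 action=allow
2020-07-23T10:45:30 src=10.0.0.30 dst=10.0.0.4 dport=443 action=allow
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+)")


def parse_line(line):
    """Return (timestamp, src, dst, dport) or None for a malformed line."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    ts = datetime.fromisoformat(match.group(1))
    return ts, match.group(2), match.group(3), int(match.group(4))


def find_smb_fanout(lines, threshold=5, window=timedelta(minutes=5)):
    """Map each flagged source to the set of peers it reached on TCP/445.

    Both allowed and denied attempts count: a spreading worm probes hosts
    regardless of whether the firewall lets the connection through.
    """
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[3] == 445:
            by_src[rec[1]].append((rec[0], rec[2]))

    flagged = {}
    for src, events in by_src.items():
        events.sort()
        in_window = defaultdict(int)  # dst -> attempts inside the sliding window
        left = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Slide the window's left edge forward past stale events.
            while ts - events[left][0] > window:
                old_dst = events[left][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                left += 1
            if len(in_window) >= threshold:
                flagged.setdefault(src, set()).update(in_window)
    return flagged


if __name__ == "__main__":
    for src, peers in find_smb_fanout(SAMPLE_LOG.splitlines()).items():
        print(f"{src} reached {len(peers)} hosts on TCP/445: {sorted(peers)}")
```

The threshold and window are the tuning knobs: administrative jump hosts and vulnerability scanners legitimately fan out on 445 and should be allow-listed before alerting, while a freshly compromised workstation that starts sweeping its subnet will trip the rule within seconds.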

Apart from infiltrating systems, trying to spread laterally, and planting cryptocurrency miners, the Prometei Botnet also uses publicly available password recovery tools to try to collect the administrator passwords of infected systems. The tool used to hijack passwords is the well-known Mimikatz utility, a legitimate piece of software that, unfortunately, is being misused by cybercriminals.

Currently, the Prometei Botnet is most active in Chile, Mexico, Brazil, Pakistan, China and the United States. So far, the crooks are using it only to plant a cryptocurrency miner. According to an analysis performed by malware researchers, however, the Prometei Botnet may have hidden features that would let it double as a Remote Access Trojan.

It is clear that the Prometei Botnet is an elaborate and potentially threatening project that is growing rapidly. While the payload is still being studied, it is certain that you can protect your network from the Prometei Botnet by using a reliable anti-virus security suite and by activating the Windows Firewall service.