Prometei Botnet Description
Botnets have become a very profitable venture for cybercriminals due to their ability to utilize the infected systems' hardware resources. In the past, botnets were almost always dedicated to executing Distributed Denial-of-Service (DDoS) attacks or handling mass email spam campaigns – however, modern botnet projects use a more sophisticated and stealthy approach. Instead of executing noisy attacks that gain a lot of attention, projects like the Prometei Botnet plant a trojanized cryptocurrency miner on the infected machines, and then use their hardware to mine for various cryptocurrencies such as the popular Monero (XMR).
The Prometei Botnet was discovered only recently, but malware researchers suspect that this campaign has been executed for at least a few months. The operators of this botnet are likely to be experienced and skillful since they have managed to use the infamous EternalBlue exploit to increase their botnet's reach drastically. In short, the EternalBlue exploit takes advantage of a vulnerability in Windows' Server Message Block (SMB) service and allows malware to spread throughout a network laterally. The revenue that the Prometei Botnet generates via Monero mining increases as long as the size of the botnet continues to grow.
Apart from infiltrating systems, trying to spread laterally, and planting cryptocurrency miners, the Prometei Botnet also uses publicly available password recovery tools to try to collect the administrator passwords of infected systems. The tool used to hijack passwords is the well-known Mimikatz utility – a legitimate piece of software, which, unfortunately, is being misused by cybercriminals.
Currently, the Prometei Botnet is most active in Chile, Mexico, Brazil, Pakistan, China and the United States. The crooks are only using it to plant a cryptocurrency miner. According to an analysis performed by malware researchers, the Prometei Botnet may have hidden features that would double as a Remote Access Trojan.
It is clear that the Prometei Botnet is an elaborate and potentially threatening project that is growing rapidly. While the payload is still being studied, it is certain that you can protect your network from the Prometei Botnet by utilizing a reliable anti-virus security suite, as well as activating the Windows Firewall service.
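One way to spot the SMB-based lateral spread described above is to look for a single internal host contacting many internal peers on TCP 445. The following is an added example, not part of the original article; the log format, the threshold and all addresses are constructed assumptions.

```python
"""Flag internal hosts that fan out over SMB (TCP 445), a sign of worm-like spread."""
import ipaddress
from collections import defaultdict

SMB_PORT = 445
FANOUT_THRESHOLD = 5  # assumed value: distinct internal peers per source; tune per network

# Constructed sample records in an assumed "timestamp src dst dport action" format.
SAMPLE_LOG = """\
2020-01-01T10:00:01 10.0.0.8 10.0.0.5 445 ALLOW
2020-01-01T10:00:02 10.0.0.23 10.0.0.10 445 ALLOW
2020-01-01T10:00:02 10.0.0.23 10.0.0.11 445 DENY
2020-01-01T10:00:03 10.0.0.23 10.0.0.12 445 DENY
2020-01-01T10:00:03 10.0.0.23 10.0.0.13 445 ALLOW
2020-01-01T10:00:04 10.0.0.23 10.0.0.14 445 DENY
2020-01-01T10:00:04 10.0.0.23 10.0.0.15 445 DENY
2020-01-01T10:00:05 10.0.0.8 10.0.0.5 445 ALLOW
2020-01-01T10:00:06 10.0.0.23 93.184.216.34 443 ALLOW
garbled line
"""

def parse(line):
    """Return (src, dst, dport, action), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _, src, dst, dport, action = parts
    try:
        return ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), action
    except ValueError:
        return None

def smb_fanout(log_text, threshold=FANOUT_THRESHOLD):
    """Map each internal source to its internal SMB peers when the count meets the threshold."""
    peers = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dst, dport, _ = rec
        # Denied attempts count too: a blocked probe is still a probe.
        if dport == SMB_PORT and src.is_private and dst.is_private and src != dst:
            peers[str(src)].add(str(dst))
    return {s: sorted(d) for s, d in peers.items() if len(d) >= threshold}

if __name__ == "__main__":
    for host, targets in smb_fanout(SAMPLE_LOG).items():
        print(f"{host} contacted {len(targets)} internal hosts on TCP {SMB_PORT}: {targets}")
```

A workstation that talks only to one file server stays below the threshold, while the host probing six peers is reported even though the firewall denied most of its attempts.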