
ProtonBot

Posted: May 28, 2019

ProtonBot is a Trojan loader sold on hacking forums for the relatively low price of just $50, which is certainly one of the reasons why it appears to be preferred by so many cyber criminals. Other notable loaders, such as Smoke, cost $200-$300 while offering features very similar to ProtonBot's. ProtonBot gives its customers an easy-to-navigate control panel, as well as support from the author himself.

Malware researchers tracking ProtonBot's activity have noticed that it has been used in several large-scale campaigns that aimed to spread different malware to the compromised hosts: the Qulab Clipper, cryptocurrency miner Trojans and several different Remote Access Trojans. What is interesting about ProtonBot is that it also packs some harmful features of its own in addition to the ability to load threatening payloads on the infected computer.

When ProtonBot is initialized on a computer, it checks whether this is the first time the malware has run on the compromised host, which ensures that the attacker does not end up with two conflicting copies on the same computer. If no other copy of ProtonBot is found, the loader proceeds to gain persistence by setting up a scheduled task that is launched whenever Windows starts.

Once everything has been set up successfully, the attacker can command ProtonBot through the control panel. Some of the primary tasks that ProtonBot can handle are:

  • Self-update and self-removal.
  • Load Batch or Visual Basic scripts.
  • Load PowerShell commands.
  • Replace the victim’s wallpaper.
  • Load HTML pages.

ProtonBot’s main module can execute two interesting tasks: modify or collect clipboard data, and launch Distributed Denial-of-Service attacks. The ProtonBot Clipper module may enable the attackers to automatically identify and replace wallet addresses for these cryptocurrencies: Bitcoin, Dash, Zcash, Ethereum, Dogecoin and Litecoin. By doing this, they may end up seamlessly hijacking a victim’s transaction by replacing the wallet address of the recipient.
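A defender-side illustration of the clipboard swap described above, added here as an example and not taken from ProtonBot or from the original page: it classifies clipboard values by coin and flags an address that is replaced by a different address of the same coin within a short interval. The regular expressions, the 2-second window and all sample addresses are constructed assumptions.

```python
import re

# Approximate address shapes for the six coins named on this page.
# Format heuristics only (no checksum validation); assumptions of this
# example, not patterns recovered from ProtonBot.
B58 = "[1-9A-HJ-NP-Za-km-z]"
PATTERNS = [
    ("Ethereum", re.compile(r"0x[0-9a-fA-F]{40}")),
    ("Zcash",    re.compile(rf"t[13]{B58}{{33}}")),
    ("Dash",     re.compile(rf"X{B58}{{33}}")),
    ("Dogecoin", re.compile(rf"D{B58}{{33}}")),
    ("Litecoin", re.compile(rf"(?:[LM]{B58}{{26,33}}|ltc1[0-9a-z]{{39,59}})")),
    ("Bitcoin",  re.compile(rf"(?:[13]{B58}{{25,34}}|bc1[0-9a-z]{{39,59}})")),
]

def classify(text):
    """Return the coin whose address format `text` matches, else None."""
    s = text.strip()
    for coin, rx in PATTERNS:
        if rx.fullmatch(s):
            return coin
    return None

def find_swaps(events, window=2.0):
    """events: time-ordered (seconds, clipboard_text) pairs.
    Flags an address replaced by a different address of the same coin
    within `window` seconds, faster than a user would copy a second one."""
    alerts = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        coin = classify(old)
        if (coin and classify(new) == coin
                and old.strip() != new.strip() and t1 - t0 <= window):
            alerts.append({"coin": coin, "copied": old.strip(),
                           "replaced_by": new.strip(),
                           "delay": round(t1 - t0, 3)})
    return alerts

# Constructed sample data: none of these are real wallet addresses.
ETH_A, ETH_B = "0x" + "ab" * 20, "0x" + "cd" * 20
BTC_A = "1" + "A" * 30
SAMPLE = [
    (0.0, "meeting notes"),
    (5.0, ETH_A),    # user copies the recipient address
    (5.3, ETH_B),    # different address 0.3 s later: flagged
    (60.0, BTC_A),   # copied and left alone: not flagged
    (90.0, "hello"),
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

The event list would come from whatever clipboard-change telemetry an endpoint agent already records; the function itself never reads or writes the clipboard.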

Affordable malware is certainly bad news, since it will attract a large customer base that may end up exposing hundreds of thousands of computers to potentially threatening files. You can protect your system from ProtonBot and the malware it brings by using an up-to-date anti-malware solution.
