Prowli is a campaign that employs a variety of worms, software vulnerabilities, Trojans, and attack methods to redirect your Web-browsing traffic and to run unauthorized cryptocurrency miners. While malware experts judge business networks and servers to be at the greatest risk, this operation's infection vectors aren't specific to any individual industry. Users seeing any of the symptoms described in this article should let their anti-malware products remove all Prowli software and related settings from their computers.
Criminals Making Money from Any Business They can Breach
New threat actors are running a campaign that takes over servers and PCs in the business sector without discriminating between industries; the motive is steady, repeatable income. The campaign, Prowli, uses a cocktail of threatening software types, including self-propagating worms and browser hijackers, to mine the Monero cryptocurrency and to redirect Web traffic for pay. The infection methods at play also vary, with the operators choosing whichever strategy is most convenient for a given target.
The Prowli attacks use both long-known and newly disclosed vulnerabilities and attack tools to compromise PCs, servers and Internet-of-Things (IoT) devices. Current estimates by malware experts place the number of compromised systems in the tens of thousands, spread across roughly nine thousand companies. Because the attacks hijack hardware resources and online traffic without producing notable symptoms, alerts from security software are often the only flag available to Prowli's victims.
Malware researchers are emphasizing the following threats as top-priority risks from Prowli infections:
- This campaign drops the Golang-based r2r2 worm as a primary component of its payload. The worm spreads itself to further machines and automatically runs a Monero-mining program that consumes the infected system's hardware resources.
- Many of the infection strategies Prowli uses (see the second half of this article) also grant the threat actors an unsafe degree of control over a PC, IoT device or website. Any information on the compromised system, including logins, should be assumed to be compromised.
Putting Prowlers in Unprofitable Places
Strong passwords are valuable defenses against the brute-force techniques that form one half of Prowli's primary infection strategies. Short, simple, default, or otherwise easy-to-guess passwords can hand criminals complete, backdoor access to a machine and the rest of its network. Poor server configuration and unpatched software vulnerabilities, such as those found in outdated versions of WordPress, are the other major contributing factor, so administrators who install all security updates promptly are at considerably less risk of attack. Because of the diversity of threats associated with this campaign, victims should have their anti-malware software remove all Prowli infections during a full system scan before changing their passwords; rotating credentials while a backdoor is still present only hands the new passwords to the attacker.
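Because brute-force credential guessing is one of the two main ways Prowli gets in, the first thing a defender wants is a way to spot a guessing burst in authentication logs and to know whether it eventually succeeded (a success after a burst means the host must be treated as compromised, cleaned, and only then re-credentialed, as the paragraph above advises). The following Python script is an added example written for this page, not code from the original article or from the researchers who analysed Prowli. It assumes OpenSSH-style `sshd` syslog lines; the log lines, hostnames and IP addresses are constructed for the demonstration, and the threshold and window are tunable assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in OpenSSH/syslog style. The host "web01" and the
# addresses 203.0.113.7 / 198.51.100.20 are documentation-range placeholders
# made up for this example, not indicators from the Prowli campaign.
SAMPLE_LOG = """\
Jun  5 10:00:01 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jun  5 10:00:02 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 50124 ssh2
Jun  5 10:00:02 web01 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Jun  5 10:00:03 web01 sshd[2205]: Failed password for root from 203.0.113.7 port 50141 ssh2
Jun  5 10:00:04 web01 sshd[2207]: Failed password for invalid user ubuntu from 203.0.113.7 port 50150 ssh2
Jun  5 10:00:05 web01 sshd[2209]: Accepted password for root from 203.0.113.7 port 50166 ssh2
Jun  5 10:03:10 web01 sshd[2300]: Failed password for alice from 198.51.100.20 port 41000 ssh2
Jun  5 10:09:00 web01 sshd[2310]: Accepted publickey for alice from 198.51.100.20 port 41002 ssh2
"""

# Matches both failed and accepted logins, including "invalid user" failures.
LINE_RE = re.compile(
    r"^(?P<month>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(line, year=2018):
    """Parse one sshd line into (timestamp, result, user, ip); None if unrelated.
    Syslog lines carry no year, so the caller supplies one (assumed 2018 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['month']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {...}} for every source that produced at least `threshold`
    failed logins inside any span of length `window`. Each alert records the
    total failures, the usernames tried, and whether that source later got an
    'Accepted' login, which is the signal that the guessing worked."""
    events = [e for e in (parse(line) for line in log_text.splitlines()) if e]
    events.sort()
    by_ip = defaultdict(list)
    for ts, result, user, ip in events:
        by_ip[ip].append((ts, result, user))

    alerts = {}
    for ip, evs in by_ip.items():
        failures = [(ts, user) for ts, result, user in evs if result == "Failed"]
        start = 0
        # Sliding window over this source's failures, oldest to newest.
        for end in range(len(failures)):
            while failures[end][0] - failures[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_start = failures[start][0]
                success_after = any(
                    result == "Accepted" and ts >= burst_start for ts, result, _ in evs
                )
                alerts[ip] = {
                    "failures": len(failures),
                    "users": sorted({user for _, user in failures}),
                    "success_after": success_after,
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        verdict = "COMPROMISED: success after burst" if info["success_after"] else "blocked"
        print(f"{ip}: {info['failures']} failures, users={info['users']} -> {verdict}")
```

On the sample above only 203.0.113.7 trips the detector: five failures across three usernames in four seconds, followed by an accepted password login for root, which is exactly the pattern a password-guessing worm leaves behind. The single failure from 198.51.100.20 followed by a key-based login is ordinary user behaviour and is not reported. In production the same logic runs over the real auth log (or a SIEM export), and a `success_after` hit should open an incident rather than just a block rule.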
Thanks to researchers, the public now has access to detailed analyses of how the Prowli campaign works and what motivates its operators. Lamentably, these details also show that thousands of businesses and website owners still aren't implementing some of the most basic security practices.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Prowli may have infected your computer, we recommend that you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method of protecting PCs from malware, in addition to providing one-on-one technical support.
Why can't I open any program, including SpyHunter? You may have a malware file running in memory that kills any program you try to launch on your PC. Tip: Download SpyHunter on a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.