40,000 machines infected for mining

Operation Prowli infects 40,000 machines that are used to mine cryptocurrency

The GuardiCore security team has discovered a dangerous traffic manipulation and cryptocurrency mining campaign, according to an announcement published June 6. The campaign infected over 40,000 machines across various industries, including finance, education, and government.

The campaign, called Operation Prowli, used techniques such as exploits and password brute-forcing to spread malware and take over devices such as web servers, modems, and Internet-of-Things (IoT) devices. GuardiCore found that the attackers behind Prowli were focused on making money rather than on ideology or espionage.

According to the report, the compromised devices were infected with a Monero (XMR) miner and the r2r2 worm, malware that launches SSH brute-force attacks from the hacked devices and helps Prowli spread to new victims. In other words, r2r2 randomly generates IP address blocks, tries to brute-force SSH logins against them with a user/password dictionary, and after breaking in runs a series of commands on the victim.
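From the defender's side, the pattern described above (many user/password guesses from one source, then a successful login) is visible in sshd logs. The following is an added example, not code from GuardiCore or the original article; the log lines are constructed, and the thresholds and the `analyze` function name are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH syslog format (not taken from the report).
SAMPLE_LOG = """\
Jun  6 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun  6 10:00:02 web1 sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Jun  6 10:00:03 web1 sshd[2103]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jun  6 10:00:04 web1 sshd[2104]: Failed password for invalid user pi from 203.0.113.7 port 40122 ssh2
Jun  6 10:00:05 web1 sshd[2105]: Failed password for invalid user ubnt from 203.0.113.7 port 40126 ssh2
Jun  6 10:00:09 web1 sshd[2106]: Accepted password for alice from 198.51.100.20 port 51004 ssh2
Jun  6 10:00:11 web1 sshd[2107]: Accepted password for root from 203.0.113.7 port 40130 ssh2
Jun  6 10:02:01 web1 sshd[2110]: Failed password for root from 192.0.2.55 port 33010 ssh2
Jun  6 10:02:02 web1 sshd[2111]: Failed password for invalid user admin from 192.0.2.55 port 33014 ssh2
Jun  6 10:02:03 web1 sshd[2112]: Failed password for invalid user test from 192.0.2.55 port 33018 ssh2
Jun  6 10:02:04 web1 sshd[2113]: Failed password for invalid user guest from 192.0.2.55 port 33022 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted password for (\S+) from (\S+) port")

def analyze(log_text, min_failures=4, min_users=3):
    """Flag source IPs that guess across several usernames, and note any that
    later log in successfully. Thresholds are illustrative assumptions."""
    failures = defaultdict(int)   # source IP -> failed attempts
    users = defaultdict(set)      # source IP -> distinct usernames tried
    findings = {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            failures[ip] += 1
            users[ip].add(user)
            if failures[ip] >= min_failures and len(users[ip]) >= min_users:
                findings.setdefault(ip, {"verdict": "dictionary_attack", "compromised_user": None})
            continue
        m = ACCEPTED.search(line)
        # A success only escalates the finding if the source was already flagged,
        # so a user who mistypes a password once is not reported.
        if m and m.group(2) in findings and findings[m.group(2)]["compromised_user"] is None:
            findings[m.group(2)].update(verdict="likely_compromise", compromised_user=m.group(1))
    for ip, finding in findings.items():
        finding["failures"] = failures[ip]
        finding["distinct_users"] = len(users[ip])
    return findings

if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE_LOG).items():
        print(ip, finding)
```

A `likely_compromise` verdict is the one to act on first: the account named in `compromised_user` should be treated as taken over and the host checked for a miner and outbound SSH scanning.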

Last month, a new piece of cryptojacking malware used half a million computers to mine 133 Monero tokens in three days. Cyber security firm 360 Total Security discovered that the malware, referred to as WinstarNssmMiner, presents a fresh challenge to users, due to its capability to both mine and crash infected machines.

Source:

https://cointelegraph.com/news/operation-prowli-malware-infects-over-40-000-machines-which-were-used-for-crypto-mining
