guardicore-operation-prowli-crypto-mining-malware

Prowli Crypto-Mining Operation Infects More Than 40,000 Machines Worldwide as CryptoJacking on the Rise

The security company GuardiCore has discovered a malicious manipulation of traffic and a mining campaign of cryptos, which was announced on June 6.

The campaign called “Operation Prowli” infected more than 40,000 machines in various industries, including the financial, education and government sectors. To achieve its goal, this malicious campaign uses various techniques such as exploits and brute force passwords to spread its malware and take over devices such as web servers, modems and Internet-Of-Things (IoT) devices.

GuardiCore found that the attackers behind Prowli were focused on making money rather than on ideology or espionage. The compromised devices were reportedly infected with a Monero (XMR) miner and the r2r2 worm, a malware that executes SSH brute-force attacks from the hacked devices and backs the Prowli to affect new victims.

In other words, by randomly generating IP address blocks, r2r2 attempts to log with brute force SSH from a user/password dictionary, and after logging executes a series of commands on the victim.

The idea behind CryptoJacking malware is that they can utilize (ultimately in this case steal) idle computer power and turn it into mining a coin of their choice (usually Monero). There are services like CryptoJacking Test in which you can test to see if your web browser has been infected by malware related to cryptocurrency mining. You can also look into NoCoin and MinerBlock which help block these types of services from penetrating your system.

GuardiCore announced:

“The attacks all behaved in the same fashion, communicating with the same C&C server to download a number of attack tools named r2r2 along with a cryptocurrency miner.”

operation prowli crypto mining hacker

Modus Operandi

Cybercriminals use an open source web shell called “WSO Web Shell” to alter compromised websites to host malicious code that redirects visitors to a traffic distribution system, which in turn redirects them to other malicious sites.

Once redirected to a fake website, users were victims of clicking on malicious browser extensions. GuardiCore team reported that Operation Prowli was able to engage more than 9,000 companies worldwide.

This has been a growing trend regarding Cryptocurrency Mining Botnets or CryptoJacking where they siphon your computer power and turn it into blockchain mining power. This is all part of the process (really ingenious) of the blockchain and how it is incentivized to contribute hashrate to support the global structure as well as mint new coins and blocks. We have saw the case with Drupal, Xbooster, ComboJack, Evrial, FacexWorm and Digimine as well as companies who are trying to help protect users and consumers like 360 Total Security.

This discovery by GuardiCore also comes on the heels of the ISACA saying Crypto Mining Malware has outpaced Ransomware attempts as of 2018 now.

Make sure you read our guide here for your own safety and personal reassurance:

How To Check Personal Computers For Cryptocurrency Mining Malware

Also here some additional related reading for your convenience.

Bitcoin Mining Hardware Profitability Calculator (Cost, Fees and Rewards)

Bitcoin Energy Consumption Index – How Blockchain Mining Power Works?

Genesis Mining vs MinerGate vs HashFlare vs NiceHash [Mining As A Service]

 

[FREE] Get Our Best Crypto Trading, Mining & Investing Hacks:

*Action Required* Enter Your Email To Get Insight For Trending Coin News & Reviews

I will never give away, trade or sell your email address. You can unsubscribe at any time.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

five × two =