The Russian-language malware primarily enlists computers to mine Monero, but theoretically it can do worse.
October 24, 2024 By Nate Nelson
An 8-year-old modular botnet is still kicking, spreading a cryptojacker and Web shell to machines across multiple continents.
"Prometei" was first discovered in 2020, but later evidence suggested that it's been in the wild since at least 2016. In those intervening years it spread to more than 10,000 computers globally, in countries as diverse as Brazil, Indonesia, Turkey, and Germany, whose Federal Office for Information Security categorizes it as a medium-impact threat.
"Prometei's reach is global due to its focus on widely used software vulnerabilities," explains Callie Guenther, senior manager of cyber-threat research at Critical Start. "The botnet spreads through weak configurations and unpatched systems, targeting regions with inadequate cybersecurity practices. Botnets like Prometei typically do not discriminate by region but seek maximum impact by exploiting systemic weaknesses. [In this case], organizations using unpatched or poorly configured Exchange servers are particularly at risk."