Prowli Malware Has Infected More Than 40 Thousand Computers That Are Engaged in Mining
Specialists from the international IT company GuardiCore have identified a campaign that manipulates traffic and digital assets. The malicious software has infected more than 40 thousand computers used in finance and education. Some of the computers belong to the government sector.
Prowli uses various methods to spread, such as exploits and password brute-forcing. According to the report, compromised devices were infected with a Monero (XMR) miner as well as the r2r2 worm, which carried out SSH attacks from hacked devices and helped Prowli reach further victims. Simply put, the worm randomly generated blocks of IP addresses and tried to gain access to them by guessing user passwords. Once it had access, the mining tools were launched.
The attackers also used a script called WSO Web Shell. It was designed to host code on sites that redirected users to a traffic distribution system. It is worth mentioning that this virus was able to penetrate 9 thousand computers.