GuardiCore Security Discovers Malicious Traffic Manipulation Campaign
The attack on computers leads to losses for victims
Security analysts at GuardiCore Labs have discovered a malicious cryptocurrency mining and traffic manipulation campaign called Prowli.
Hackers behind Prowli used various attacks to gain access to their victims’ computers and installed tools to attack more users accessing the computers. Prowli used different techniques to exploit its victims. According to GuardiCore, some of the methods include brute-force attacks on passwords and the abuse of weak configurations. Through them, the hackers were able to gain access to several platforms. The main targeted platforms are backup servers running HP Data Protector, web servers, and CMS servers hosting popular websites. In addition to the attacks on the servers, the report shows that the Prowli campaign targeted devices such as DSL modems and IoT devices. Further, the hackers infected the computers with the r2r2 Monero (XMR) mining malware. The malware was used to execute SSH brute-force attacks on the infected machines.
Attacks similar to those GuardiCore revealed
In addition to infecting the computers, the cybercrooks installed malicious code that was used to redirect traffic to a fake traffic distribution system. Once on the fake systems, users were redirected to malicious websites. Here, they clicked on and installed fake browser extensions and visited fake sites advertising tech support and other fake services. From the SSH malware attack communicating with a C&C server, GuardiCore Lab Global Sensors Network (GGSN) was able to take note of several attacks working in the same way. The attack on the devices confirmed suspicions held by GuardiCore security experts. They therefore dug deeper into the malware, consequently unearthing the operations.
Later on, they discovered that the attacks came from over 180 IPs spread across different countries. On further investigation, the reports also show that multiple other services were attacked, each belonging to a different company. Among the services affected were ones from the government, finance and education industries. The recent cyber-attack discovered by GuardiCore is not an isolated case. Another discovery, malware dubbed WinstarNssmMiner, was made by the firm 360 Total Security last month.
The recent malware used a new technique that enabled the hackers to mine 133 Monero tokens from half a million computers. This is a major threat to the cryptocurrency industry. However, security firms such as GuardiCore and 360 Total Security have braced themselves to take these threats head on in a bid to protect users against cyber-attacks.