Report: ‘Cyberpunk 2077’ devs refute claims they didn’t know about critical bugs due to mishandled QA testing
CryptoJackers Strike Again: Malware Compromises 40,000 Devices
Yet another malware attack has been reported involving illegal crypto-mining operations. Dubbed "Operation Prowli," the attack managed to infect over 40,000 machines in various sectors, including education, government and finance.
Prowli employed a variety of protocols to force the malware into devices like modems, web servers and Internet-of-Things (IoT). Security team GuardiCore reported that the attack’s ultimate goal was to make money rather than espionage or ideology, Cointelegraph reported.
Devices that were hit by the attack were infected with a Monero (XMR) miner and what’s called an r2r2 worm, a malware capable of executing SSH brute-force methods. To expand, the process of attack involved randomly creating IP addresses where r2r2 then tried to brute-force SSH logins using a user/password dictionary. After successfully infiltrating the device, it ran multiple commands that initiated the mining process.
"The attacks all behaved in the same fashion, communicating with the same C&C server to download a number of attack tools named r2r2 along with a cryptocurrency miner,” GuardiCore said. Moreover, the cyptojacking activity also employed a web traffic redirection method to take victims to malicious sites.
The attackers achieved this by using an open source webshell called “WSO Web Shell,” which made infected sites host malicious codes. When a visitor is successfully taken to a fake site, they’re then tricked into accessing malicious browser extensions. According to GuardiCore developers, the large-scale cyber attack was able to infect over 9,000 companies.
Monero has been one of the leading digital coins used by cryptojackers in their attacks. Last month, Mac users were also infected by a crypto-mining malware that forced compromised machines to mine the Monero cryptocurrency. Fortunately, the malware’s design wasn’t sophisticated, so removing it was simple enough.
Another incident in the same month saw a crypto-mining malware infiltrate some half a million computers to digitally mine 133 Monero tokens in three days. Called the WinstarNssmMiner, the malware was quite the piece of work as it was able to mine and crash the machines it managed to compromise.