Prometei Botnet Activity Spikes
securityweek
An updated variant of the Prometei malware is making the rounds, and activity associated with the botnet has surged over the past months, Palo Alto Networks reports.
A modular botnet initially discovered in July 2020, Prometei targets both Windows and Linux systems for infection, primarily for cryptocurrency mining and credential exfiltration.
The most recent version of the malware, however, includes a backdoor for additional malicious activities, integrates self-updating features, and relies on a domain generation algorithm (DGA) for command-and-control (C&C) server connectivity.
Prometei’s various modules allow it to brute-force administrator passwords, exploit vulnerabilities, move laterally, steal victims’ data, establish C&C communication, and mine for cryptocurrency (particularly Monero).
A February 2025 analysis of a recent malware sample revealed that it was achieving persistence by creating a service and a scheduled cron job, lacked a hardcoded mining pool, and could process additional commands received from its operators.
The latest iteration of ...
Copyright of this story solely belongs to securityweek . To see the full text click HERE