DailyPost 621


While we fathom out nature and dimensions of one hack, newer ones pose challenges, way beyond the past one. The hackers passion for research & deliver from their point of view is making the cyber world a veritable mine field. Cyber researchers are doing yeomen service to discover dark alleys of cyber world. The latest one is Prowli & is discovered by the GuardiCore Security team.

Through this operation the cyber criminals have successfully assembled a gigantic botnet of over 40,000 infected web servers, modems & IoT devices and used it for crypto currency mining & for redirecting unsuspecting users to malicious sites. A diverse botnet operation relying on vulnerabilities & credentials brute force attacks to infect the devices & take over. These types of crypto-jacking attacks are escalating.

Over 9000 companies have already been victimised. Prowli was first identified on 4th of April, 2018, when a group of secure-shell (SSH) attacks were found to be communicating with command- and- control (C&C) server. Attackers were behaving in a similar manner, having a communication with the same C&C server. The purpose was to download a number of attack tools named r2r2 along with a crypto currency miner. Hacking for crypto currency mining. This is a financially motivated indiscriminate attack going against domains exposing wide range of services to the internet. Prowli exploits known vulnerabilities across WordPress, Joomla!, SMB & even some DSL modems. The attackers even take over accounts in large-scale public computing environments

As known vulnerabilities are exploited, so automated patching ought to happen with continuous assessment & remediation. The network traffic has to be vigorously examined, which would help users to discover if they are infected. Segmentation is a good practice. ”Monitoring connections would easily show compromised devices communicating with crypto currency mining pools.”


Sanjay Sahay

Leave a Comment

Your email address will not be published. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.

Scroll to Top