Operation Prowli Infects 40,000 Machines

A new malware attack campaign known as Operation Prowli has so far infected 40k victim devices in over 9,000 businesses over areas ranging from including education, finance, to government. Prowli is an international threat which is circulating malware as well as malicious code to unsafe websites and servers.

In April, the Guardicore Labs researchers noticed a bunch of SSH attacks interacting with a command and control server and downloading attack tools named r2r2and a crypto miner. They investigated into it further after detecting that the attack campaign worked with instruments which were unknown to their system, infected networks across the world, and utilized binaries created to hit several services as well as CPU architectures.

After analyzing for more than three weeks, they reported a number of malware attacks similar to this occurring from over 180 Internet Protocols and various nations and companies. Prowli attacks services which include, WordPress sites, and servers with an exposed SSH port, DSL modems, exposed Internet of Things devices, Drupal CMS websites, and servers vulnerable to HP Data Protector Program. All are exposed to either remote pre-authentication attacks, or they allow attackers to force their way in.

What is CryptoJacking?

Cyber criminals or hackers have the capacity to target the websites which people visit and execute a malicious script. This has been done to several hundreds of sites, ranging from pizza stores to blogs, and also health organizations and government websites. Hackers insert crypto jacking scripts into advertisements, browsers such as Internet Explorer, various, and Apple applications. The ones who are running these websites and advertisements do not have any idea that they contain an undesirable script, especially the script which uses the viewer’s device for cryptocurrency mining.

Attacks like these are known as crypto jacking. It is made up of two words: cryptocurrency and hijacking. Therefore, cryptocurrency refers to stealing the processing power of a computer in order to make cryptocurrency and get a swift and untraceable gain. Cyptojacking refers to turning the user’s computer or any other web-enabled device into a cryptocurrency miner, without the user’s consent. It also endangers several thousands of websites and targets a number of vulnerabilities.

Manually disable Cryptomining in all web browsers

If you use several web browsers on your device and you know the website which is utilizing your computer to mine cryptocurrency, then you can block that website from your device permanently. If you use Windows OS, then for disabling specific crypto mining domains wholly, you need to edit the host file and completely block the domains. Open windows and go to system 32. Open the Drivers folder, and you can now edit the host file by right-clicking on it and opening it in the notepad.

Preventing CryptoJacking attacks is becoming a growing concern in the present digital setup. Moreover, crypto jacking can be attributed to the financial profits of crypto mining in the current time. Because of the severe effects of Cryptojacking on the device, the users are suggested to employ strategies to prevent cryptocurrency miner affecting their devices.

Apart from this, investing in a popular security software will be able to protect your devices from crypto jacking. Antivirus programs such as Norton have an exhaustive database of known viruses and malware which gets updated regularly. Therefore, they are effective in identifying and removing malware threats from the device.

Leave a Reply

Your email address will not be published. Required fields are marked *