The threat intelligence team at Cisco Systems discovered a new cryptojacking botnet named “Prometei.” This botnet both mines Monero (XMR) and steals data from the targeted system.
According to the paper sent to Cointelegraph, the botnet has been active since May. It relies on 15 executable modules to recover administrator passwords from the infected computer.
Password validity is verified by sending them to a control server connected to other networks. Once the malware has obtained access to the user’s administrative rights, it proceeds to record all data contained within the system.
Cisco Talos estimates this botnet may contain up to 10,000 systems at any point in time. As of today, the botnet is still running with a hash generating frequency of more than 1M Hash/sec (million hashes per second).
Level of threat
Speaking with Cointelegraph, Vanja Svajcer, a researcher at Cisco Talos, stated that Prometei earns its owner around 1500 USD per month.
Svajcer clarified that although this does not sound like much compared with other quoted figures, “it comfortably earns well over an average salary in some countries.”
Svajcer explained to Cointelegraph:
“Stealing credentials is the most dangerous part of the Prometei botnet. You could consider the attacker with its bot being a burglar in your home. Naturally, the burglar searches all the drawers and finds various keys. They take keys with them and ask somebody else (another infected system) to check if any of the keys work on your car, safe deposit box etc. Obviously, when criminals break into a house it opens up a whole new set of opportunities. It is very similar with this botnet.”
The study states that Prometei makes a moderate profit for a single developer that is “most likely based in Eastern Europe.”
Cointelegraph recently reported on malware that targets old vulnerabilities in the Windows operating system in an effort to mine Monero.