Prometheus: The $250 service behind recent malware attacks (Security News, August 2021)

Security researchers investigating multiple malware distribution campaigns found that an underground traffic distribution service called Prometheus is responsible for delivering threats that often lead to ransomware attacks.
Among the malware families that Prometheus TDS has dished out so far are BazarLoader, IcedID, QBot, SocGholish, Hancitor, and Buer Loader, all of them commonly used in intermediary attack stages to download more damaging payloads.
Researchers at cybersecurity company Group-IB found that the Prometheus TDS malware-as-a-service operation has been advertised on underground forums since at least August 2020 for $250 per month.
When investigating the Prometheus TDS malware distribution campaigns, the researchers found dozens of malicious Office documents that delivered Campo Loader, Hancitor, QBot, IcedID, Buer Loader, and SocGholish.
The Group-IB Threat Intelligence team told BleepingComputer that they could not link the Prometheus TDS to ransomware attacks because they examined the malicious files in a virtual environment.
Whoever is behind Prometheus also runs another service called BRChecker, a password brute-force tool that shared the infrastructure used by the TDS service.