A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service (Security News, August 2021)

Multiple cybercriminal groups are leveraging a malware-as-a-service solution to run a wide range of malware distribution campaigns that result in the deployment of payloads such as Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish against individuals in Belgium as well as government agencies, companies, and corporations in the U.S. Dubbed "Prometheus TDS" and available for sale on underground platforms for $250 a month since August 2020, the service is designed to distribute malware-laced Word and Excel documents and divert users to phishing and malicious sites, according to a Group-IB report shared with The Hacker News.
More than 3,000 email addresses are said to have been singled out in malicious campaigns in which Prometheus TDS was used to send malicious emails, with banking and finance, retail, energy and mining, cybersecurity, healthcare, IT, and insurance emerging as the most prominent verticals targeted by the attacks.
"Prometheus TDS is an underground service that distributes malicious files and redirects visitors to phishing and malicious sites," Group-IB researchers said.
"This service is made up of the Prometheus TDS administrative panel, in which an attacker configures the necessary parameters for a malicious campaign: downloading malicious files, and configuring restrictions on users' geolocation, browser version, and operating system."
Besides distributing malicious files, researchers found that Prometheus TDS is also used as a classic traffic distribution system (TDS) to redirect users to specific sites, such as fake VPN websites, dubious portals selling Viagra and Cialis, and banking phishing sites.
"Operators of such sites often have affiliate and partnership programs. Partners, in turn, often resort to aggressive SPAM campaigns in order to increase the earnings within the affiliate program. Analysis of the Prometheus infrastructure by Group-IB specialists revealed links that redirect users to sites relating to a Canadian pharmaceutical company."
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/mi7rIHIlOWw/a-wide-range-of-cyber-attacks.html