New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide
2023-03-10 14:02

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022.

Prometei, first observed in 2016, is a modular botnet that features a large repertoire of components and several proliferation methods, including exploitation of the ProxyLogon Microsoft Exchange Server flaws.

The latest variant of Prometei improves upon its existing features to hinder forensic analysis and further entrench its access on victim machines, Cisco Talos said in a report shared with The Hacker News.

The attack sequence proceeds thus: once a successful foothold is gained, a PowerShell command is executed to download the botnet payload from a remote server.

Prometei v3 is also noteworthy for using a domain generation algorithm to build out its command-and-control infrastructure.

"This recent addition of new capabilities [indicates] that the Prometei operators are continuously updating the botnet and adding functionality," Talos researchers Andrew Windsor and Vanja Svajcer said.


News URL

https://thehackernews.com/2023/03/new-version-of-prometei-botnet-infects.html