Monero [XMR] mining machines cryptojacked by Operation Prowli
Monero [XMR] is being mined by crypto hijackers using the host's operating system, which is, indeed, very alarming. More than 40,000 machines were infected by the virus in the latest cryptojacking attack. Guardicore has reported that Operation Prowli, employing the r2r2 worm, attacked 9000 companies. Recently, BCFocus reported on the banning of Monero [XMR] and other altcoins by the Japanese regulators due to the hacking of CoinCheck, a Japan-based crypto exchange.
The operation is linked to the roi777 traffic monetisation organisation, which has remained active for a considerable span of time. The malware attacked platforms that primarily include DSL modems, CMS servers and Internet of Things devices.
IT experts have previously acknowledged these platforms as susceptible to such attacks. HP Data Protector servers are also among those targeted in Operation Prowli. Another distinguishing feature is the use of a number of monetisation strategies apart from cryptojacking. Users were redirected to illegal websites through traffic redirection, including ICO scams and sites from which viruses can be downloaded.
While attacking organisations, the virus did not discriminate on the basis of location, size or sector. Nearly 67% of the servers characterised by an open SSH port were frequently attacked. The targets also include WordPress (8%), Drupal (3%), SMB (9%) and PHPMyAdmin (7%). 12% of the attack is directed at services provided by the college sector, which calls for more rigid protocols to be implemented by universities. The computer services sector accounts for 25% of those affected by Operation Prowli.
Old targets continue to be exploited, which is, indeed, a cause for concern. WordPress was previously targeted by brute-force logins to the administrative panel. Servers that have already been attacked host the WSO Web Shell. These machines run highly susceptible WordPress versions.
Cybercriminals find cryptojacking more beneficial for their purposes than ransomware attacks. Also, machines with compromised security are allotted to mining Monero, with an altogether different traffic monetisation. WinstarNssmMiner was employed to hijack 500,000 computers for mining Monero. Over time, there has been a significant increase in cyber crimes, with hackers applying innovative approaches.