By GoldSparrow in Botnets

ProtonBot is a hacking tool, which is gaining increasing popularity because of its low price. This Trojan loader can be acquired for just $50. Normally, Trojan loaders like the famous Smoke are sold for about $200 to $300 but do not offer very different capabilities to these of ProtonBot. Furthermore, the authors of ProtonBot have made sure to implement an easy to use interface so that even buyers with less experience would be able to navigate this hacking tool easily. The creators also provide technical support to the clients of ProtonBot. Having said all this, it is easy to see why ProtonBot is gaining traction in the hacking forums quickly.

Once ProtonBot lands on a system, it would scan it to find out if another copy of ProtonBot is already present on the PC. If the results are negative, ProtonBot will move on to set up a task, which would re-launch the threat every time the machine is rebooted. This is how ProtonBot gains persistence.

Two of the main features of ProtonBot are the ability to perform DDoS (Distributed-Denial-of-Service) attacks and the capability of acting as a clipboard modifier. The operator of ProtonBot could employ this Trojan loader to detect when a crypto-currency wallet's address is being copied by the victim and replace it with the crypto-currency wallet of the attacker without the user ever noticing. ProtonBot can detect wallets for Ethereum, Bitcoin, Dogecoin, Litecoin, Zcash and Dash.

ProtonBot is operated via the control panel, and it can perform a variety of tasks. This Trojan loader is able to remove itself from a system if necessary, and also update itself when scheduled. It can manipulate PowerShell and execute commands using it. ProtonBot is capable of loading Visual Basic scripts and Batch scripts. Alongside these features, this threat also can load HTML pages and change the wallpaper.

Cybersecurity experts have already detected several large campaigns where ProtonBot was employed. They involved the propagation of other threats such as RATs (Remote Access Trojans), Trojan crypto-currency miners and the Qulab Clipper mainly.

Dealing with ProtonBot can cost you dearly as this threat has quite the appetite for crypto-currencies. It is absolutely crucial to make sure you download and install a reputable anti-spyware suite and update it regularly.


Most Viewed