Prowli

By GoldSparrow in Malware

Prowli is a malware program that has been used to compromise various devices around the world, including servers and computers as well as smart devices connected to the Internet that are not necessarily computers for home or business use. These may include various boxes and modems, as well as devices running operating systems vulnerable to the Prowli attack. The following are some of the devices that are vulnerable to Prowli attacks, as reported by PC security researchers:

  • Backup servers running HP Data Protector software
  • DSL modems
  • Drupal and WordPress CMS servers
  • Joomla! servers running the K2 extension
  • NFS boxes
  • PhpMyAdmin installations
  • Servers with an open SSH port
  • Servers with exposed SMB ports
  • Vulnerable Internet-of-Things (IoT) devices

The Worm Related to Prowli Can Increase the Number of Infected Devices

Prowli has two components. The first is a worm known as R2R2 that mines Monero on the affected computer and can be used to expand the number of devices affected by Prowli by carrying out additional attacks. The second is an adware component that is used to monetize the compromised devices, forcing the device to visit websites containing advertisements to generate advertising revenue. This means that Prowli can generate revenue for its controllers in two different ways: by mining Monero using the affected device's resources and by generating advertising revenue on the affected device.

How the Prowli Campaign Spreads

Prowli seems to spread to new devices by using brute force techniques, exploiting weak passwords, and taking advantage of devices with out-of-date firmware. Because of this, one of the best preventive measures against Prowli is to update all firmware and apply all security patches and updates. It is also imperative to use strong passwords and to carefully monitor who and what has access to your devices. Computer users should use an up-to-date, effective security program to scan potential targets and ensure that they are adequately protected from malware like Prowli.
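As an added example (not part of the original article, and not code from any Prowli research), the following Python sketch shows one way to monitor SSH access for the brute-force pattern described above: many failed password attempts from one source, and in the worst case a successful login afterwards. It assumes standard OpenSSH sshd syslog messages; the function name, the threshold of five failures, and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (not real log data);
# the addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jun 10 03:12:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun 10 03:12:03 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Jun 10 03:12:05 web1 sshd[2102]: Failed password for root from 203.0.113.7 port 40116 ssh2
Jun 10 03:12:07 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40118 ssh2
Jun 10 03:12:09 web1 sshd[2104]: Failed password for root from 203.0.113.7 port 40120 ssh2
Jun 10 03:12:11 web1 sshd[2105]: Accepted password for root from 203.0.113.7 port 40130 ssh2
Jun 10 04:01:00 web1 sshd[2200]: Failed password for invalid user test from 198.51.100.20 port 51000 ssh2
Jun 10 04:01:02 web1 sshd[2201]: Failed password for invalid user guest from 198.51.100.20 port 51002 ssh2
Jun 10 04:01:04 web1 sshd[2202]: Failed password for root from 198.51.100.20 port 51004 ssh2
Jun 10 04:01:06 web1 sshd[2203]: Failed password for root from 198.51.100.20 port 51006 ssh2
Jun 10 04:01:08 web1 sshd[2204]: Failed password for invalid user pi from 198.51.100.20 port 51008 ssh2
Jun 10 09:15:40 web1 sshd[2300]: Failed password for alice from 192.0.2.15 port 60210 ssh2
Jun 10 09:15:52 web1 sshd[2300]: Accepted password for alice from 192.0.2.15 port 60210 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5):
    """Return (guessing, breached): sources with >= threshold failed password
    attempts, and those that then logged in (source -> first account used)."""
    failures = defaultdict(int)
    breached = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not a password authentication event
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            breached.setdefault(ip, m["user"])  # success after heavy guessing
    guessing = {ip: n for ip, n in failures.items() if n >= threshold}
    return guessing, breached

if __name__ == "__main__":
    guessing, breached = find_bruteforce(SAMPLE_LOG)
    print("sources guessing passwords:", guessing)
    print("sources that logged in after guessing:", breached)
```

A source that appears in the second result deserves immediate attention: the account's password should be treated as compromised and the device checked for unexpected processes or scheduled tasks. A user who mistypes a password once and then logs in, like the third source in the sample, stays below the threshold and is not flagged.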

Prowli Has Already Spread Quite Extensively

PC security researchers have noted that Prowli forms a gigantic botnet, a network of infected devices that includes more than 40 thousand servers and affected devices around the world. Prowli has spread throughout these devices by leveraging the power of its worm component and several techniques that include brute force attacks and exploiting weaknesses in the targeted computers. The 40 thousand devices affected by Prowli belong to more than nine thousand businesses and institutions around the world, including domains belonging to numerous education and government targets. Prowli's targets include businesses in the finance sector and various others in the public sector.

What is the Purpose of a Prowli Attack?

Because of the use of advertising components and cryptocurrency components, PC security researchers suspect that Prowli's main purpose is to generate revenue. This is significant because many similar campaigns have been associated with state-sponsored attacks, espionage, and data theft. In the case of Prowli, it seems that the main purpose of the attack is to make money at the expense of the victim by using the infected devices to mine for cryptocurrency (in this case Monero) and to display and connect to advertisements, artificially inflating advertising revenue.

Protecting Your Devices from Threats Like Prowli

Prowli is not the first massive botnet PC security researchers have observed recently. Because of this, it is more important than ever that computer users take steps to protect their devices and data. The best protection against threats like Prowli is to have strong passwords and always keep devices and software up to date. A security program should also be used to prevent attacks.
