Operation Prowli Malware Infects Over 40,000 Machines, Which Were Used for Crypto Mining

The GuardiCore security team has discovered a malicious traffic manipulation and cryptocurrency mining campaign, according to an announcement published June 6. The campaign infected over 40,000 machines across various industries, including finance, education, and government.

The campaign, dubbed Operation Prowli, used a mix of exploits and password brute-forcing to spread malware and take over devices such as web servers, modems, and Internet-of-Things (IoT) devices. GuardiCore found that the attackers behind Prowli were motivated by profit rather than ideology or espionage.

According to the report, compromised devices were infected with a Monero (XMR) miner and the r2r2 worm, a malware that launches SSH brute-force attacks from the hacked devices and helps Prowli spread to new victims. In other words, r2r2 randomly generates IP address blocks, tries to brute-force SSH logins against them with a username/password dictionary, and after breaking in runs a series of commands on the victim…
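The defender's view of the behaviour described above is a burst of failed SSH logins from one source cycling through several usernames, followed, if the dictionary hits, by an accepted login from the same source. The script below is an added example, not GuardiCore's code or anything taken from the Prowli report: it parses OpenSSH `auth.log` lines, flags any source address that racks up a threshold of failures inside a sliding window, and separately flags the case that matters most, a successful login from a source that was just brute-forcing. The log lines, host name, addresses and thresholds are constructed for the example; it applies to any SSH dictionary attack, not only r2r2.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of OpenSSH auth log lines (not captured Prowli traffic).
# 203.0.113.5 walks a small username/password dictionary and then gets in as root;
# 198.51.100.7 is a legitimate user who mistyped a password once and then used a key.
SAMPLE_AUTH_LOG = """\
Jun  6 10:15:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jun  6 10:15:03 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 51236 ssh2
Jun  6 10:15:05 web1 sshd[2105]: Failed password for root from 203.0.113.5 port 51238 ssh2
Jun  6 10:15:07 web1 sshd[2107]: Failed password for invalid user pi from 203.0.113.5 port 51240 ssh2
Jun  6 10:15:09 web1 sshd[2109]: Failed password for root from 203.0.113.5 port 51242 ssh2
Jun  6 10:15:11 web1 sshd[2111]: Accepted password for root from 203.0.113.5 port 51244 ssh2
Jun  6 10:20:00 web1 sshd[2201]: Failed password for alice from 198.51.100.7 port 40010 ssh2
Jun  6 10:20:30 web1 sshd[2203]: Accepted publickey for alice from 198.51.100.7 port 40012 ssh2
"""

# Matches the standard sshd "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line):
    """Return a dict for an sshd auth event, or None for lines that are not login results."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; all sample lines fall on one day, so relative
    # arithmetic within the window is still correct.
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_ssh_bruteforce(log_text, threshold=5, window_seconds=60):
    """Scan auth log text once, in order.

    Returns (brute_forcers, compromised):
      brute_forcers: ip -> {"failures": n, "users": [...]} for sources with >= threshold
                     failed logins inside a window_seconds sliding window
      compromised:   accepted logins from a source already flagged as a brute-forcer,
                     i.e. the worm's foothold on this host
    """
    failures = defaultdict(deque)   # ip -> deque of (timestamp, username) inside the window
    brute_forcers = {}
    compromised = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        q = failures[ev["ip"]]
        # Slide the window: forget failures older than window_seconds before this event.
        while q and (ev["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        if ev["result"] == "Failed":
            q.append((ev["ts"], ev["user"]))
            if len(q) >= threshold:
                # Distinct usernames tried is what separates a dictionary walk from one
                # user fumbling a single password.
                brute_forcers[ev["ip"]] = {"failures": len(q),
                                           "users": sorted({u for _, u in q})}
        elif ev["ip"] in brute_forcers:
            compromised.append({"ip": ev["ip"], "user": ev["user"],
                                "method": ev["method"], "ts": ev["ts"]})
    return brute_forcers, compromised


if __name__ == "__main__":
    bf, comp = detect_ssh_bruteforce(SAMPLE_AUTH_LOG)
    for ip, info in bf.items():
        print(f"brute-force source {ip}: {info['failures']} failures, users {info['users']}")
    for c in comp:
        print(f"ALERT: {c['user']} accepted via {c['method']} from brute-forcing host {c['ip']} at {c['ts'].time()}")
```

The single "Accepted" line after a run of failures is the event to page on; a blocklist or fail2ban-style ban stops the noise, but only the accepted login tells you the dictionary contained a working credential and the post-login command sequence the report describes has probably already run. On real logs, feed the function the output of `journalctl -u ssh` or `/var/log/auth.log` rather than the constructed sample.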
