Updated versions of the Prometei botnet targeted Linux servers in cryptocurrency mining operations between March and April, according to GBHackers News. Although Prometei is mainly used to mine Monero and other cryptocurrency, its latest iterations integrate remote control backdoors, domain generation algorithms, and self-updating capabilities that allow credential exfiltration and further payload delivery, a report from Palo Alto Networks Unit 42 researchers revealed. Prometei was also used to pilfer host devices' system details, including OS data, processor information, and uptime analysis. Additional findings showed that the new Prometei variants have also sought to hinder static analysis by using Ultimate Packer for eXecutables (UPX) compression, as well as tricky file naming conventions. Such findings come almost half a decade after the botnet was initially discovered to be targeting systems running on Windows.
Network Security, Threat Intelligence
Linux servers subjected to resurgent Prometei botnet intrusions
