Like a Swiss Army knife, a newly discovered botnet malware called Proteus has been found to serve an eclectic variety of functions, including mining digital currency, keylogging, checking infected machines for e-commerce merchant accounts, creating unauthorized proxies and dropping additional malware.
“All of this in one botnet may be even more harmful than one might first think, as it could download anything and execute it in the infected host,” warned a blog post on Monday from cybersecurity company Fortinet, whose researchers discovered the malware.
The multifaceted malware is delivered via the Andromeda botnet, according to Fortinet, and arrives in obfuscated form, dropping a copy of itself in the %AppData% folder as chrome.exe and then executing that copy. Proteus communicates with its command-and-control server using symmetric encryption, conveying the affected machine's attributes, including processor, BIOS and baseboard information, in order to create a distinct fingerprint for the device.
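The one concrete host indicator the report gives is the dropped copy at %AppData%\chrome.exe. The following is an added detection example, not Fortinet's code or tooling: it filters process-creation records for a chrome.exe image sitting directly in the roaming AppData folder rather than inside a Chrome installation directory. The event tuples are constructed sample data, and the set of legitimate Chrome install paths is an assumption, not something the article states.

```python
import ntpath

# Constructed sample process-creation records: (image path, parent image path).
# These are illustrative, not events from the article or from Fortinet's analysis.
SAMPLE_EVENTS = [
    (r"C:\Users\alice\AppData\Roaming\chrome.exe",
     r"C:\Users\alice\AppData\Local\Temp\invoice.exe"),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Windows\explorer.exe"),
    (r"C:\Users\bob\AppData\Local\Google\Chrome\Application\chrome.exe",
     r"C:\Windows\explorer.exe"),
    (r"C:\Users\carol\AppData\Roaming\Microsoft\Windows\notepad.exe",
     r"C:\Windows\explorer.exe"),
]

# Assumed suffix of a legitimate Chrome install directory (system-wide or per-user).
LEGIT_CHROME_DIR_SUFFIXES = (r"\google\chrome\application",)


def is_suspicious_chrome(image_path):
    """True when the image is chrome.exe located directly in %AppData%
    (…\\AppData\\Roaming), i.e. outside any Chrome installation directory."""
    normalized = image_path.replace("/", "\\").lower()
    directory, name = ntpath.split(normalized)
    if name != "chrome.exe":
        return False
    if any(directory.endswith(suffix) for suffix in LEGIT_CHROME_DIR_SUFFIXES):
        return False
    # %AppData% expands to <profile>\AppData\Roaming; the report says the
    # malware drops its copy right there, not in a subfolder.
    return directory.endswith(r"\appdata\roaming")


def find_suspicious(events):
    """Return the (image, parent) records whose image matches the indicator."""
    return [(img, parent) for img, parent in events if is_suspicious_chrome(img)]


if __name__ == "__main__":
    for image, parent in find_suspicious(SAMPLE_EVENTS):
        print(f"suspicious chrome.exe: {image} (parent: {parent})")
```

Run over an EDR or Sysmon export of process-creation events, only the first sample record is flagged; the genuine Chrome binaries and the unrelated AppData executable pass. A match on this path is a trigger for triage, not proof of Proteus on its own.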