Operation Prowli manipulated more than 40,000 machines for cryptocurrency mining


According to a new advisory, the GuardiCore security team has discovered a malicious traffic manipulation group and cryptocurrency mining campaign that infected more than 40,000 machines across a variety of industries including finance, education, and government.

The campaign, dubbed Operation Prowli, used techniques such as exploits and brute-force attacks to spread malware and take over devices such as network servers, modems and IoT devices. GuardiCore found that the main goal of the attackers behind Operation Prowli was to obtain large sums of money.

According to the report, the compromised devices were infected with a Monero miner and the r2r2 worm, a piece of malware that can perform SSH brute force attacks from compromised devices and enable "opportunistic operations" to impact new victims. In other words, working through randomly generated blocks of IP addresses, r2r2 attempts to brute force SSH logins using the user's cryptocurrency private key and runs a series of commands on the victim once it has been compromised. GuardiCore wrote: All attacks were carried out in the same way, communicating with the same server to download some attack tools called r2r2 and a cryptocurrency miner.
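A defender's view of the r2r2 pattern described above, as an added example that is not from the GuardiCore advisory or the original article: it scans sshd log text for a source IP whose run of failed passwords ends in an accepted login, the point at which the worm would start running commands. The log lines, IP addresses, hostname and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sshd log lines; the IPs are documentation ranges, not indicators.
SAMPLE_LOG = """\
Jun  6 03:12:01 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun  6 03:12:02 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Jun  6 03:12:03 web01 sshd[2215]: Failed password for invalid user pi from 203.0.113.7 port 40116 ssh2
Jun  6 03:12:04 web01 sshd[2216]: Failed password for alice from 198.51.100.20 port 51822 ssh2
Jun  6 03:12:05 web01 sshd[2217]: Failed password for root from 203.0.113.7 port 40118 ssh2
Jun  6 03:12:09 web01 sshd[2218]: Accepted password for alice from 198.51.100.20 port 51824 ssh2
Jun  6 03:12:11 web01 sshd[2219]: Accepted password for root from 203.0.113.7 port 40120 ssh2
Jun  6 03:13:00 web01 sshd[2230]: Failed password for root from 192.0.2.55 port 33001 ssh2
Jun  6 03:13:01 web01 sshd[2231]: Failed password for root from 192.0.2.55 port 33002 ssh2
Jun  6 03:13:02 web01 sshd[2232]: Failed password for invalid user test from 192.0.2.55 port 33003 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted password for (\S+) from (\S+) port")


def analyze_ssh_log(log_text, threshold=3):
    """Return (successes, still_guessing).

    successes: (ip, user, failures_before) for each accepted password login
    preceded by at least `threshold` failures from the same source IP.
    still_guessing: {ip: failures} for sources at or over the threshold that
    have not logged in since.
    """
    failures = defaultdict(int)
    successes = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            user, ip = m.groups()
            if failures[ip] >= threshold:
                successes.append((ip, user, failures[ip]))
            failures[ip] = 0  # a login ends that source's failure streak
    still_guessing = {ip: n for ip, n in failures.items() if n >= threshold}
    return successes, still_guessing


if __name__ == "__main__":
    print(analyze_ssh_log(SAMPLE_LOG))
```

A single mistyped password followed by a login (the `alice` lines) stays below the threshold and is not reported.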

Additionally, cybercrooks used an open-source web shell called "WSO Web Shell" to modify compromised websites, redirecting website visitors to a traffic distribution system that then redirected them to various other malicious sites. Once redirected to a fake website, users fell victim by clicking on a malicious browser extension. The GuardiCore team reported that Operation Prowli successfully compromised more than 9,000 companies.

Last month, a new cryptocurrency hijacking malware used 500,000 computers to mine 133 million Monero coins in three days. Discovered and noted by cybersecurity firm 360, the malware, dubbed WinstarNssmMiner, poses new challenges to users in terms of antivirus protection, because it can destroy infected machines while mining cryptocurrency.

