A new malware, dubbed "Operation Prowli", has been found targeting servers, routers and other devices around the world. It uses various attack techniques to breach its intended systems, including exploits, password brute-forcing, and abuse of weak configurations.
This new malware is a botnet and was discovered by researchers at the "GuardiCore" security team. Prowli has already hit 40,000 victim machines from over 9,000 businesses in various sectors.
The list of infected services and machines is as follows:
- Drupal and WordPress CMS servers hosting popular websites
- Joomla! servers running the K2 extension
- Backup servers running HP Data Protection software
- DSL modems
- Servers with an open SSH port
- PhpMyAdmin installations
- NFS boxes
- Servers with exposed SMB ports
- Vulnerable Internet-of-Things (IoT) devices
---Sh7nk-Z0id
01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011