A new Prometei botnet variant has infected over 10,000 devices worldwide in the last six months.
The malware mostly targets victims in Brazil, Indonesia, and Turkey.
Infection begins when a PowerShell command is executed to download the botnet malware from a remote location.
- The botnet uses supporting spreader modules to propagate the malware through Remote Desktop Protocol (RDP), Secure Shell (SSH), and Server Message Block (SMB).
- The variant deploys an Apache web server that can serve infected files.
- The Prometei botnet has not targeted Russian entities, leading researchers to believe that the malware is administered by Russian threat actors.
- The malware was first tracked in 2016.