This article has been created in order to help you by explaining how to detect and remove the Prowli malware from your computer system and how to protect it against Prowli in the future.
A new malware, going by the name Prowli has been detected by security researchers. The malware aims to attack websites and inject cryptocurrency mining script which results in using a vast amount of resources from the victim’s computer to mine for cryptocurrencies. The bad news here is that Prowly spreads from computer to computer and this botnet has now infected over 40 000 devices, which include servers, modems and even IoT devices to turn them into cryptocurrency miner slaves.
Prowli Malware – Distribution
The main methods via which this botnet is spread on users computers are believed to be via several exploits that are attacking WordPres and other sites on ready platforms, such as:
- CVE-2018-7482 (Joomla! With K2 extension).
- CVE-2014-2623 (HP Data Protector servers).
- Well-known exploits used in brute-force attacks.
- Drupal and PhpMyAdmin installations.
- NFS boxes.
- Servers with unsecured SMB ports (brute-forcing).
The Prowli hackers also use an SHH type of module which scans the SSH connection and aims to try and guess the username and password of devices which expose their SSH ports on the web. From there, the attackers may attack of the devices connected (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Vencislav Krustev. Read the original post at: https://sensorstechforum.com/prowli-malware-remove-pc/