The Prometei malware is reportedly using exploits for the Microsoft Exchange "ProxyLogon" security bugs to install Monero-mining malware on targets. The operators behind Prometei are conducting copycat attacks that mirror those of advanced persistent threat (APT) groups. The malware exploits two of the Microsoft Exchange vulnerabilities in order to drop cryptominers on its targets. According to researchers, the campaign is highly complex and sophisticated.
Although cryptojacking is the extent of the current attacks, researchers have warned that Prometei gives attackers complete control over infected machines, meaning they could do significant damage: steal information, infect endpoints with other malware, or deploy ransomware onto compromised devices. Prometei attacks have increased across a variety of industries, including construction, finance, manufacturing, retail, travel, and utilities. The malware has been observed targeting the US, the UK, and European countries, while appearing to avoid targets in the former Soviet bloc.