March 22, 2023

Dubbed “Prometheus” Malware as a service used by cybercriminals that available for sale on underground platforms for $250, the service is a Traffic Direction System (TDS) that’s designed to distribute malware-laced Word and Excel documents, and divert users to phishing and malicious sites.

More than 3,000 email addresses are said to have been singled out via malicious campaigns in which Prometheus TDS was used to send malicious emails, with banking and finance, retail, energy and mining, cybersecurity, healthcare, IT, and insurance emerging the prominent verticals targeted by the attacks.”This service is made up of the Prometheus TDS administrative panel, in which an attacker configures the necessary parameters for a malicious campaign: downloading malicious files, and configuring restrictions on users’ geolocation, browser version, and operating system.”

This service is made up of the Prometheus TDS administrative panel, in which an attacker configures the necessary parameters for a malicious campaign: downloading malicious files, and configuring restrictions on users’ geolocation, browser version, and OS.

The service is also known to employ third-party infected websites that are manually added by the campaign’s operators and act as a middleman between the attacker’s administrative panel and the user. To achieve this, a PHP file named “Prometheus.Backdoor” is uploaded to the compromised website to collect and send back data about the victim.

The attack scheme commences with an email containing a HTML file, a link to a web shell that redirects users to a specified URL, or a link to a Google Doc that’s embedded with an URL that redirects users to the malicious link that when either opened or clicked leads the recipient to the infected website, which stealthily collects basic information and then forwards this data to the Prometheus admin panel.

The administrative panel takes responsibility for sending a command to redirect the user to a particular URL, or to send a malware-ridden Microsoft Word or Excel document, with the user redirected to a legitimate site like DocuSign or USPS immediately after downloading the file to mask the malicious activity.

Besides distributing malicious files, researchers found that Prometheus TDS is also used as a classic TDS to redirect users to specific sites, such as fake VPN websites, dubious portals selling Viagra and Cialis, and banking phishing sites.

Tags:

Leave a Reply

Related Post

Mandiant Report – Nation State Zero Day Exploits in 2022

Mandiant Report – Nation State Zero Day Exploits in 2022

March 22, 2023
Mispadu Banking Trojan

Mispadu Banking Trojan

March 22, 2023

You may have missed

Mandiant Report – Nation State Zero Day Exploits in 2022

Mandiant Report – Nation State Zero Day Exploits in 2022

March 22, 2023
Mispadu Banking Trojan

Mispadu Banking Trojan

March 22, 2023
DotRunpeX – Malware Injector Spreads in Wild

DotRunpeX – Malware Injector Spreads in Wild

March 21, 2023
Killnet Targets Healthcare Azure Resources

Killnet Targets Healthcare Azure Resources

March 21, 2023
NBA suffers a Data Breach – Third Party Provider Data Stolen

NBA suffers a Data Breach – Third Party Provider Data Stolen

March 21, 2023
Ferrari – Cyber Attack Ransom Demanded

Ferrari – Cyber Attack Ransom Demanded

March 21, 2023
%d bloggers like this: