Operation Prowli Profits On Weak IoT Devices, Servers | Threatpost
Researchers at Guardicore Labs, who called the campaign Operation Prowli, said it targets a variety of platforms – including Drupal CMS websites, WordPress sites, backup servers running HP Data Protector, DSL modems and vulnerable IoT devices.
“Victim machines are monetized using a variety of methods, relying on internet trends such as digital currencies and traffic redirection,” Guardicore Labs said in a post about the campaign on Wednesday. “Traffic monetization frauds are quite common and are based on redirecting website visitors from their legitimate destination to websites advertising malicious browser extensions, tech support scam services, fake services and more.”
Guardicore researchers Ofri Ziv and Daniel Goldberg said they first discovered the campaign on April 4, when, using GuardiCore deception technology, they noticed a group of SSH attacks communicating with a C&C server.