Hex dump revealing UPX-packed malware binary; Prometei Botnet surges with encoded config JSON values.
Prometei Botnet Surges With New Malware, Palo Alto Says

The Prometei botnet has surged with renewed intensity, as researchers from Palo Alto Networks report a sharp increase in activity since March 2025. The latest variant targets Linux systems and spreads through HTTP GET requests that deliver a UPX-packed 64-bit ELF file disguised as a .php script. Analysts say the botnet focuses on Monero mining and credential theft, using a modular architecture that allows stealthy updates and evasive tactics.

The new variant brings enhanced capabilities, including dynamic configurations, domain generation algorithms, and a backdoor enabling remote access. The malware collects system data, such as CPU, motherboard, and OS details, using Linux commands. First identified in 2020, Prometei exploits vulnerabilities like EternalBlue and SMB flaws to expand its reach. The operation appears financially motivated, and researchers see no nation-state links. The latest variant is hosted on a Windows-based Apache server in Indonesia and requires custom unpacking due to an appended JSON trailer.
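The three static indicators the summary above mentions (ELF content served under a .php name, UPX packing, and a JSON blob appended after the UPX trailer that breaks standard unpacking) can be checked before anything is executed or fed to `upx -d`. The script below is an added triage example, not tooling from the article or from Palo Alto Networks; the sample bytes and the JSON keys in them are constructed placeholders, and the trailer bytes are a stand-in for the real UPX header layout.

```python
"""Static triage of a suspected packed ELF delivered under a script extension.

Added example, not tooling from the original article or from Palo Alto Networks.
It checks the properties the article mentions: ELF content behind a .php name,
a UPX marker, and a JSON object appended after the last UPX marker. The sample
bytes and JSON keys below are constructed placeholders, not real artefacts.
"""
import json
import os

ELF_MAGIC = b"\x7fELF"
UPX_MARKER = b"UPX!"          # marker UPX writes into packed files
SCRIPT_EXTENSIONS = {".php", ".js", ".sh", ".pl", ".py"}


def is_elf(data: bytes) -> bool:
    return data[:4] == ELF_MAGIC


def elf_bits(data: bytes):
    """64 or 32 from the EI_CLASS byte at offset 4; None if not an ELF file."""
    if not is_elf(data) or len(data) < 5:
        return None
    return {1: 32, 2: 64}.get(data[4])


def find_appended_json(data: bytes):
    """Return (offset, object) for a JSON object found after the last UPX marker.

    A JSON object sitting beyond the last UPX marker is an overlay the packer did
    not produce; the article describes such a trailer needing custom unpacking.
    Returns None when there is no UPX marker or no parseable object after it.
    """
    last = data.rfind(UPX_MARKER)
    if last == -1:
        return None
    tail_start = last + len(UPX_MARKER)
    tail = data[tail_start:]
    decoder = json.JSONDecoder()
    pos = tail.find(b"{")
    while pos != -1:
        # raw_decode stops at the end of the first complete JSON value
        text = tail[pos:].decode("utf-8", errors="replace")
        try:
            obj, _ = decoder.raw_decode(text)
        except json.JSONDecodeError:
            obj = None
        if isinstance(obj, dict):
            return tail_start + pos, obj
        pos = tail.find(b"{", pos + 1)
    return None


def triage(filename: str, data: bytes) -> dict:
    """Summarise the indicators a responder would check before unpacking."""
    ext = os.path.splitext(filename)[1].lower()
    elf = is_elf(data)
    appended = find_appended_json(data)
    return {
        "filename": filename,
        "is_elf": elf,
        "bits": elf_bits(data),
        "extension_mismatch": elf and ext in SCRIPT_EXTENSIONS,
        "upx_marker": UPX_MARKER in data,
        "json_trailer_offset": appended[0] if appended else None,
        "json_trailer": appended[1] if appended else None,
    }


# Constructed sample: a minimal 64-bit ELF header prefix, filler, a UPX marker,
# stand-in trailer bytes, and a placeholder JSON overlay. Not a real binary.
SAMPLE_PHP_BINARY = (
    ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9      # e_ident: ELFCLASS64, LSB, v1
    + b"\x02\x00\x3e\x00" + b"\x00" * 40           # ET_EXEC, EM_X86_64, padding
    + UPX_MARKER + b"\x00" * 32                    # stand-in for the UPX trailer
    + b'{"cfg": "placeholder-value", "gen": 1}'    # constructed JSON overlay
)
SAMPLE_REAL_PHP = b"<?php echo 'hello'; ?>\n"      # constructed benign control

if __name__ == "__main__":
    for name, blob in (("update.php", SAMPLE_PHP_BINARY), ("index.php", SAMPLE_REAL_PHP)):
        print(triage(name, blob))
```

A hit on `extension_mismatch` together with `upx_marker` is a strong reason to sandbox the file rather than open it; a non-empty `json_trailer` tells the analyst in advance that stock UPX will refuse or mis-handle the file and that the overlay should be carved off and examined separately.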

Read the full report at: https://securityaffairs.com/179303/cyber-crime/prometei-botnet-activity-has-surged-since-march-2025.html
