Security Experts Identify Dangerous Proteus Malware

Security researchers have identified a very dangerous new malware family, known as Proteus, that can do serious damage to infected hosts. Read on to learn more about the threat.

Watch Out For The Proteus Malware!


Security researchers have identified a new and dangerous piece of malware called Proteus. Once it infects a computer, it can turn the host into a proxy server used in further attacks, mine crypto-currency, log keystrokes and cause other types of damage.

The initial detection was made by Fortinet’s security team. According to their analysis, the malware is written on the .NET framework and is delivered through the Andromeda botnet. Proteus uses a central command-and-control (C&C) server to direct the infected hosts. The malware family can also download additional payloads, including other malware and ransomware, to the infected computers.

The virus is distributed by the Andromeda botnet as an infected binary named chrome.exe. After infection, the host opens an encrypted channel to the remote C&C server, which then begins sending commands to the host.

The currently identified version of Proteus is named 2.0.0 and it has the following capabilities:

  • The virus can create a network socket and port-forwarding rules to relay malicious traffic through the infected host. This turns the host into a SOCKS proxy server that can be used to spread further malware to other targets.
  • Proteus can deploy a crypto-currency miner chosen from several programs: SHA256, CPUMiner or ZCashMiner. These can mine Bitcoin, Litecoin, Zcash or other currencies, using either the CPU or the GPU.
  • The malware can check whether passwords stolen from the user's accounts also work on various online services, such as Amazon, eBay, Spotify and Netflix, on some German (.de) domains. The profiles built from the harvested credentials can be transmitted to the attackers.
  • The virus can install, configure and execute a keylogger.
  • Proteus can download and execute other payloads on the host system.
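The capabilities listed above map onto a handful of host-level observations a defender can look for: a chrome.exe running from somewhere other than the browser's install directory, that process opening a listening socket (a possible SOCKS relay), a known miner program starting, and a file being executed right after it was downloaded. The following detector is an added example, not code from the original article or from Fortinet's analysis; the event format, the Chrome install paths, the SOCKS port and the sample telemetry are all assumptions made for the example.

```python
"""
Added example (not from the original article or from Fortinet): a small
host-side detector that scores constructed endpoint events for the behaviours
the list above attributes to Proteus 2.0.0.  The event format, the install
paths, the SOCKS port and the sample data are assumptions for this example.
"""
from dataclasses import dataclass

# Where the genuine Chrome binary is installed on Windows (assumption for this
# example; take the real list from the environment's software inventory).
LEGIT_CHROME_DIRS = (
    "c:\\program files\\google\\chrome\\application\\",
    "c:\\program files (x86)\\google\\chrome\\application\\",
)
# Miner programs the article says Proteus can deploy.
MINER_NAMES = ("cpuminer", "zcashminer")
# Conventional SOCKS port; the malware could use any port, so this is only a hint.
SOCKS_PORTS = {1080}


@dataclass
class Event:
    kind: str            # "process", "listen" or "download"
    pid: int
    image: str           # full path of the executable the event belongs to
    port: int = 0        # only meaningful for "listen" events


@dataclass
class Finding:
    pid: int
    rule: str
    detail: str


def check_events(events):
    """Run every rule over the event stream and return the findings in order."""
    findings = []
    suspicious_pids = set()     # pids already flagged by an earlier rule
    downloaded = set()          # lower-cased paths seen in "download" events
    for ev in events:
        image = ev.image.lower()
        name = image.rsplit("\\", 1)[-1]
        if ev.kind == "download":
            downloaded.add(image)
        elif ev.kind == "process":
            if name == "chrome.exe" and not image.startswith(LEGIT_CHROME_DIRS):
                findings.append(Finding(ev.pid, "masquerade",
                                        f"chrome.exe outside the browser install dir: {ev.image}"))
                suspicious_pids.add(ev.pid)
            if any(m in name for m in MINER_NAMES):
                findings.append(Finding(ev.pid, "miner", f"known miner started: {name}"))
                suspicious_pids.add(ev.pid)
            if image in downloaded:
                findings.append(Finding(ev.pid, "download-execute",
                                        f"executed a file downloaded moments earlier: {ev.image}"))
                suspicious_pids.add(ev.pid)
        elif ev.kind == "listen":
            if ev.pid in suspicious_pids or ev.port in SOCKS_PORTS:
                findings.append(Finding(ev.pid, "proxy",
                                        f"suspicious process listening on port {ev.port} (possible SOCKS relay)"))
    return findings


# Constructed sample telemetry: pid 100 is the real browser, pid 200 is a
# look-alike dropped in the user's profile, pid 300 is a miner it fetched.
SAMPLE_EVENTS = [
    Event("process", 100, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    Event("process", 200, r"C:\Users\alice\AppData\Roaming\chrome.exe"),
    Event("listen", 200, r"C:\Users\alice\AppData\Roaming\chrome.exe", port=1080),
    Event("download", 200, r"C:\Users\alice\AppData\Local\Temp\cpuminer.exe"),
    Event("process", 300, r"C:\Users\alice\AppData\Local\Temp\cpuminer.exe"),
]

if __name__ == "__main__":
    for f in check_events(SAMPLE_EVENTS):
        print(f"pid {f.pid:>4}  {f.rule:<17} {f.detail}")
```

Run against the constructed events, the real browser (pid 100) produces no finding, while the look-alike is flagged twice (masquerade, then proxy once it starts listening) and the miner twice (miner, download-execute). The rules deliberately key on behaviour and location rather than on file hashes, since a renamed or rebuilt binary would defeat a hash match but would still have to live outside the browser directory and still have to open a socket to act as a relay.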

The bots contact the remote C&C servers to check whether the harvested data can be used on various online services. This is very dangerous: the same behaviour can be used to gain access to social networks, email inboxes and even online banks. The attackers can use it not only to steal valuable and sensitive data but also to steal the victims' identities. Furthermore, if they gain access to the computer owner's email account, they can use it to send the malware in email messages that appear legitimate.

The security analysis shows that the bots request account information and perform the checks at regular intervals. Proteus can check the following online services: email accounts, eBay, Otto, Amazon, Packstation, Netflix, Spotify, Zalando and Breuninger.

For each harvested account, the following types of information are returned to the servers:

  • User ID
  • Name of the user
  • Street Address
  • Postal Code and City
  • Country
  • User Feedback
  • Feedback Score
  • Account registration date
  • Type of User Account
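From the point of view of one of the services named above, the credential checks described in the preceding paragraphs look like a single source trying a different account every few seconds, some of which succeed. The detector below is an added example and not part of the original article; it parses constructed authentication log lines (the log format, the IP addresses and the account names are assumptions made for the example) and flags a source that tries many distinct accounts within a short window. It also notes when that source's attempts arrive at near-constant intervals, which is what "checks at regular intervals" looks like in a log, and it lists the accounts whose stolen password was confirmed to work, since those are the ones to reset first.

```python
"""
Added example (not from the original article): a service-side detector for the
credential-checking behaviour described above.  The log format, the addresses
and the account names are assumptions made for this example.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> src=<ip> user=<account> result=OK|FAIL"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample: 203.0.113.5 walks through six different accounts exactly
# every 30 seconds (two of the stolen passwords still work); 198.51.100.7 is an
# ordinary user who mistypes a password once and then logs in.
SAMPLE_LOG = """\
2017-11-09T10:00:00Z src=203.0.113.5 user=alice@example.com result=FAIL
2017-11-09T10:00:30Z src=203.0.113.5 user=bob@example.com result=OK
2017-11-09T10:01:00Z src=203.0.113.5 user=dave@example.com result=FAIL
2017-11-09T10:01:05Z src=198.51.100.7 user=carol@example.com result=FAIL
2017-11-09T10:01:25Z src=198.51.100.7 user=carol@example.com result=OK
2017-11-09T10:01:30Z src=203.0.113.5 user=erin@example.com result=FAIL
2017-11-09T10:02:00Z src=203.0.113.5 user=frank@example.com result=OK
2017-11-09T10:02:30Z src=203.0.113.5 user=grace@example.com result=FAIL
"""


def parse_log(text):
    """Return (timestamp, src, user, result) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"], m["result"]))
    return events


def detect_stuffing(events, window=timedelta(minutes=10), min_accounts=5,
                    min_attempts=5, max_cv=0.2):
    """Map each flagged source to its account count, periodicity and successes.

    A source is flagged when some `window` contains attempts against at least
    `min_accounts` distinct accounts.  `periodic` is True when the gaps between
    its attempts have a coefficient of variation of at most `max_cv`.
    """
    by_src = defaultdict(list)
    for ts, src, user, result in sorted(events):
        by_src[src].append((ts, user, result))

    flagged = {}
    for src, attempts in by_src.items():
        # Largest number of distinct accounts tried inside any sliding window.
        most_accounts = 0
        for i, (start, _, _) in enumerate(attempts):
            users = {u for t, u, _ in attempts[i:] if t - start <= window}
            most_accounts = max(most_accounts, len(users))
        if most_accounts < min_accounts:
            continue

        periodic = False
        if len(attempts) >= min_attempts:
            gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(attempts, attempts[1:])]
            mean = statistics.mean(gaps)
            periodic = mean > 0 and statistics.pstdev(gaps) / mean <= max_cv

        flagged[src] = {
            "accounts": most_accounts,
            "periodic": periodic,
            # Accounts whose stolen password was confirmed valid: reset and
            # notify these first.
            "successes": sorted(u for _, u, r in attempts if r == "OK"),
        }
    return flagged


if __name__ == "__main__":
    for src, info in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(src, info)
```

On the constructed log only 203.0.113.5 is flagged: six distinct accounts inside the window, perfectly regular 30-second gaps, and two confirmed-valid accounts. Counting distinct accounts per source rather than plain failures matters here because a credential check with a correct stolen password succeeds on the first try and would never trip a failed-login threshold; the regular cadence is a second, independent signal that a single source is working through a list rather than serving real users.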


Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
