Security researchers have uncovered another giant botnet that has already compromised more than 40,000 servers, modems and internet-connected devices belonging to a wide number of organizations across the world.
Dubbed Operation Prowli, the campaign has been spreading malware and injecting malicious code to take over servers and websites around the world using various attack techniques including use of exploits, password brute-forcing and abusing weak configurations.
How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%
Here’s the list devices and services infected by the Prowli malware:
- Drupal and WordPress CMS servers hosting popular websites
- Joomla! servers running the K2 extension
- Backup servers running HP Data Protector software
- DSL modems
- Servers with an open SSH port
- PhpMyAdmin installations
- NFS boxes
- Servers with exposed SMB ports
- Vulnerable Internet-of-Thing (IoT) devices
Read more: The Hacker News