A new multi-functional malware family detected as Proteus can transform the computers of infected users in proxy servers, can mine for various types of crypto-currencies, can log keystrokes, and check the validity of stolen online accounts.
Detected by security researchers from Fortinet, this new malware family is written in .NET and current evidence reveals that crooks are using the Andromeda malware/botnet to drop Proteus on victims’ computers.
While not as complex and widespread as Andromeda, Proteus shares features with this ancient botnet, because it also uses a central command control (CC) server to control the malware’s actions on infected bots.
Also similarly to Andromeda, Proteus can download modules and even other malware in later stages, to diversify its attack arsenal.
Proteus is a multi-faceted threat
Currently, Fortinet researchers have spotted the Andromeda botnet drop and execute a file named chrome.exe on infected machines. This installs the Proteus malware, which immediately starts an encrypted communication channel with its CC server.
The Proteus malware current version number is 2.0.0, and it can perform the following actions:
- Creates a socket and set up port forwarding in order to relay malicious traffic through the infected machine, which now acts like a SOCKS proxy.