
5 Things You Need to Know About Proteus Malware

Every day, about one million new malware threats are released. Many of them will fall by the wayside without causing much damage. But some will leave a malicious mark in the memory of CIOs and CISOs everywhere. An example of such a cyberthreat is Proteus malware, a cousin to the well-known Andromeda botnet. Here’s what you need to know about this multi-functional menace:

1. It Steals Your Cryptocurrency

According to Bleeping Computer, Proteus can mine for cryptocurrency using SHA256 miner, CPUMiner and ZCashMiner, all of which leverage the local PC’s GPU or CPU to steal Bitcoin, Litecoin, Zcash, and other forms of cryptocurrency. On the surface, theft of cryptocurrency may not seem like a big deal, but it really is. An increasing number of banks are preemptively purchasing cryptocurrency so they can more quickly deal with ransomware mitigation. Thanks to Proteus, having cryptocurrency is just as much of a liability as not having it.

2. It Turns Your Computer into a SOCKS proxy

A socket secure (SOCKS) proxy acts as an intermediary that relays traffic between a server and a client for any type of network protocol. Proteus essentially enables your computer to do this, meaning that malicious traffic can pass freely through an infected system. In essence, Proteus transforms one of your business endpoints into an open door for cybercriminals. And to that end, Proteus is able to download and execute other types of malware that can be used against a host.

3. It Verifies Stolen Credentials

Some cybersecurity experts contend that Proteus’ primary, or at least most intriguing, purpose is to test the validity of stolen login credentials. These are typically for e-commerce sites such as Amazon and streaming services like Netflix. In addition to allowing hackers to create a “master list” of stolen login credentials by evaluating them for use, this makes it possible to extract personally identifiable information from working accounts.

Proteus can verify stolen credentials, and then steal new credentials using its keylogger feature.

4. It Logs Your Key Strokes

Keyloggers are some of the most dangerous types of malware because their goal is the silent extraction of sensitive information that can then be used against a victim later on. This includes login credentials for accounts that may contain PII. In other words, Proteus can steal login credentials, verify them on a continuing basis, use them to extract PII and then, if need be, route that PII to a remote client. Put simply, it’s a data-stealing machine.

5. It Can Be Beaten

This multi-faceted strain of malware, which the SecurityIntelligence blog refers to as “the jerk of all trades, master of none,” is impressive, but it’s hardly the most complex or dangerous strain of malware we’ve come up against. It’s really just a matter of knowing how to beat it.

Contact Faronics today to learn more.

Suzannah Hastings

Suzannah is interested in all things digital, from software security to the latest technological advances. She writes about ways in which the increasingly internet-driven landscape changes our lives, and what we can expect in the future.