Malware-as-a-service (MaaS) provides a powerful malware solution for hackers. And Prometheus is the perfect example of such an infrastructure.

There’s money in everything and hacking is no different. But rather than extorting funds through ransomware, hackers can also design MaaS to generate some quick cash. MaaS takes the pain out of designing your own malware by offering a ready-made solution, and all you need to do is pay a fee to use it. Typically, MaaS gives the user access to software which can distribute malware through malicious campaigns; this is exactly what Prometheus does.

As Prometheus, and all forms of MaaS, is so powerful, it’s important that you understand what it is and how to tackle it.

How Does Prometheus Work?

Prometheus has been available to purchase for a year now, with a subscription costing $250 per month. It uses two main attack strategies:

  • Distributing MS Word and Excel documents which are infected with malware
  • Using malicious links to divert victims to phishing websites

Subscribers to the Prometheus MaaS are given a central control panel from where they can launch their campaigns. From here they are able to configure various parameters to tailor their attacks e.g. targeting specific email addresses with a malicious call-to-action. Prometheus can also be used to assess potential victims. Using infected websites, Prometheus can collect data on visitors – such as IP address and user details – to assess which method of attack is best to launch. It’s a sophisticated form of hacking and one that requires high levels of awareness to combat.

It’s estimated that over 3,000 email addresses have been targeted by Prometheus as of this writing. These targets have included individuals in Europe and a number of government agencies and businesses in the US. While 3,000 potential victims may sound relatively small, every one of them would be better off avoiding it. And that is possible.

How to Combat Prometheus

Prometheus uses traditional methods to infect PCs with its malicious payloads, so it’s easy to avoid becoming a victim. All you need to do is practice the following:

  • Check All Emails: Malicious emails are very good at hiding the fact that they are malicious. Therefore, it always pays to quickly verify every email. Is the email address correct or is it a strange variation e.g. security@micros0ft.com? Is there an unusual and urgent call-to-action in the email such as a “click here before you lose access to your account” link? Anything suspicious should be queried with your IT team immediately.
  • Verify Links: It’s very easy to insert a malicious link into an email or website, so these need to be verified before clicking. For example, a link could be displayed as www.bankofamerica.com but hovering your cursor over this link will reveal the genuine destination. And this could be redirecting you towards a malicious website, so always verify your links.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Ransomware is a highly destructive form of malware, but it turns out that it can also provide the perfect cover for disk wiping malware.

The pitfalls of becoming a victim of ransomware are well documented. And, as such, the term ransomware is one that strikes fear into the heart of any PC user. But, at the very least, ransomware does give you an option of getting your files back. Naturally, you have to pay a ransom fee for the files to be decrypted, but you can get them back. However, a form of malware called Apostle has now been discovered which pretends to be ransomware when, in fact, it simply wipes your disk drive beyond retrieval.

Data is a crucial commodity in any organization, so it’s important you make it as secure as possible. And one of the best ways to do this is by understanding how Apostle works.

How Does Apostle Wipe Disks?

The Apostle malware is believed to originate from Iran and is related to a previous wiper malware called Deadwood. Apostle is not brand new as it has been in the digital wild for some time. But these initial versions of Apostle were flawed and failed to deliver their malicious payload. Since then, the designers of Apostle have tweaked its design to make it more effective. This contemporary version of Apostle presents itself as standard ransomware, but this is merely to throw the victims off guard; its true intent is to destroy data and cause disruption.

The hackers behind Apostle are particularly cunning and are also happy to take ransom payments while destroying the data in question. But this is not where the attack ends. There are signs that Apostle is being used in conjunction with a backdoor attack called IPSec Helper. This allows the hackers to download and execute additional malware and move, undetected, within infected networks. Again, the intention here is to cause disruption.

How Do You Stop Your Disk Being Wiped?

The focus of Apostle, so far, has been Israeli targets, but this does not mean it should be considered a low-level threat. The design of this disk wiper malware can easily be engineered into more virulent and dangerous forms. And this could easily strike at the heart of your business’ operations. Therefore, it’s crucial that you maintain the following practices:

  • Evaluate All Attachments Before Opening: It’s likely that you receive numerous email attachments through the day, but how often do you verify them before opening? Trusted email addresses can, very easily, be taken over or even replicated. And this provides the perfect route for infected files to be opened. So, if in doubt over whether an attachment is safe, always check with an IT professional before opening.
  • Keep Your Software Updated: Another sure-fire way for hackers to gain access to your network is through vulnerabilities caused by outdated software. The best way to counter this threat is by implementing software updates as soon as possible. This minimizes the presence of vulnerabilities and keeps hackers out.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Hackers are innovative and industrious individuals, a description which is best demonstrated by their recent use of MSBuild to deliver malware.

The Microsoft Build Engine (MSBuild) is an open-source platform which allows software developers to test and compile their source code. Operational since 2003, the platform has proved to be highly popular with developers and, accordingly, supports a large number of users. And it’s this popularity which has made it so attractive to hackers. By targeting this source code at the development stage, the hackers are able to piggyback their malicious software into genuine software.

While your organization may not be involved in software development, there’s always the risk that you could end up working with software which is pre-loaded with malware. Therefore, we’re going to take a look at this MSBuild hack.

How are Hackers Infecting MSBuild?

Project files housed within MSBuild can be integrated within executable files which allow the hackers to launch their malicious payloads. But, as ever, hackers have been keen to remain stealthy; the infected payload does not run as a file. Instead, the malicious code is loaded into the PC’s memory and it is here that the attack is launched. So far, it has been established that at least three forms of malware have been injected into systems via this approach. Redline Stealer, Remcos and QuasarRAT are the most recognisable of these and have the potential to cause great damage.

Redline Stealer is primarily used as a data harvester and, as such, is mostly employed to steal login credentials and sensitive data. Remote access and surveillance, meanwhile, is the heartbeat of Remcos and allows hackers to hijack PCs remotely. Finally, QuasarRAT is another remote access tool and one which grants hackers full control of infected PCs. Naturally, these three malware variants are the last things you want on your system. And, given that they run filelessly and in the memory of a PC, it’s a threat which is difficult to tackle.

Protecting Yourself Against Memory Based Malware

Malware which operates from within the memory of your PC is difficult to tackle, but not impossible. Start by making sure you carry out these best security practices:

  • Monitor Network Activity: Regardless of whether a malware attack is file-based or fileless, there will be noticeable changes in your network activity. Any unusual spikes in data transfer or transmissions to unusual destinations should be investigated immediately.
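As an added example of the monitoring described in the item above (not code from the original post), the following Python builds a per-host baseline from a learning window of outbound flow records and then flags the two signals named: a transfer far above the host’s usual size, and a connection to a destination the host has never contacted before. The log format, host names and addresses are constructed for the demonstration; a real deployment would read NetFlow/IPFIX, firewall or proxy logs instead of the strings embedded here.

```python
"""Baseline-and-deviation check for outbound traffic.

Added example, not code from the original post. The log format, host names
and addresses are constructed; a real deployment would read NetFlow/IPFIX,
firewall or proxy logs instead of the strings below.
"""
import re
import statistics
from collections import defaultdict

# One flow per line: timestamp, source host, destination, bytes sent out.
FLOW_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+bytes=(?P<bytes>\d+)")


def parse_flow(line):
    """Return (src, dst, bytes) or None for a line that is not a flow record."""
    m = FLOW_RE.search(line)
    if m is None:
        return None
    return m["src"], m["dst"], int(m["bytes"])


def build_baseline(lines):
    """Per-host profile from a learning window: destinations seen, and the
    mean and standard deviation of bytes sent per flow."""
    seen = defaultdict(lambda: {"dsts": set(), "sizes": []})
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue
        src, dst, nbytes = rec
        seen[src]["dsts"].add(dst)
        seen[src]["sizes"].append(nbytes)
    profiles = {}
    for src, data in seen.items():
        sizes = data["sizes"]
        mean = statistics.fmean(sizes)
        stdev = statistics.pstdev(sizes) if len(sizes) > 1 else 0.0
        # A host whose flows are all the same size has stdev 0; floor it so a
        # trivially larger flow does not trip the spike test.
        profiles[src] = {"dsts": data["dsts"], "mean": mean,
                         "stdev": max(stdev, 0.1 * mean)}
    return profiles


def score_flows(lines, profiles, sigma=3.0):
    """Alerts as (kind, src, dst, bytes) for the two signals the post names:
    a destination the host has never used, or a flow more than `sigma`
    standard deviations above the host's usual size. Hosts with no baseline
    are alerted as well, since nothing is known about their normal traffic."""
    alerts = []
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue
        src, dst, nbytes = rec
        prof = profiles.get(src)
        if prof is None:
            alerts.append(("unknown-host", src, dst, nbytes))
            continue
        if dst not in prof["dsts"]:
            alerts.append(("new-destination", src, dst, nbytes))
        if nbytes > prof["mean"] + sigma * prof["stdev"]:
            alerts.append(("volume-spike", src, dst, nbytes))
    return alerts


# Constructed learning window: a workstation with normal variation and a
# server that always sends the same amount.
BASELINE_LOG = [
    "2021-06-01T09:00:12 src=ws-12 dst=203.0.113.10 bytes=12000",
    "2021-06-01T09:05:40 src=ws-12 dst=203.0.113.10 bytes=9500",
    "2021-06-01T09:11:03 src=ws-12 dst=198.51.100.7 bytes=15000",
    "2021-06-01T09:20:55 src=ws-12 dst=203.0.113.10 bytes=11000",
    "2021-06-01T09:31:17 src=ws-12 dst=198.51.100.7 bytes=13000",
    "2021-06-01T09:42:29 src=ws-12 dst=203.0.113.10 bytes=10500",
    "2021-06-01T09:50:08 src=ws-12 dst=198.51.100.7 bytes=14000",
    "2021-06-01T09:58:44 src=ws-12 dst=203.0.113.10 bytes=12500",
    "2021-06-01T10:00:00 src=srv-01 dst=203.0.113.50 bytes=5000",
    "2021-06-01T10:15:00 src=srv-01 dst=203.0.113.50 bytes=5000",
    "2021-06-01T10:30:00 src=srv-01 dst=203.0.113.50 bytes=5000",
]

# Constructed traffic to score: one normal flow, one to a never-seen address,
# one malformed line, and one oversized transfer to a familiar address.
NEW_LOG = [
    "2021-06-02T09:02:10 src=ws-12 dst=203.0.113.10 bytes=11800",
    "2021-06-02T09:04:33 src=ws-12 dst=192.0.2.44 bytes=12000",
    "2021-06-02T09:05:00 collector restarted",
    "2021-06-02T09:07:51 src=ws-12 dst=203.0.113.10 bytes=250000",
]

if __name__ == "__main__":
    for alert in score_flows(NEW_LOG, build_baseline(BASELINE_LOG)):
        print(*alert)
```

The threshold is computed per host rather than for the network as a whole, because a backup server and a workstation have very different normal volumes; in practice the learning window would also be bucketed by time of day so that a large nightly transfer is compared with other nights rather than with lunchtime browsing.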

Unfortunately, not all antivirus software can detect fileless malware such as that involved with the MSBuild hack. Conventional, file-based malware leaves behind digital footprints which are easy to detect, but this is not the case with fileless variants. In order to fully protect yourself, check with vendors whether their software has the capability to combat fileless malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Clubhouse is a social media app which is currently only available on Apple devices. But this hasn’t stopped hackers using it to exploit PC users.

The success of Clubhouse since its launch in April 2020 has ensured that it has grabbed numerous headlines. And everyone is keen to have a taste of the Clubhouse experience where audio content is king. But this is not yet an option for PC users. Nonetheless, the interest generated by Clubhouse has brought the app to the attention of the hacking community. Using all their cunning and guile, these hackers have decided to use Clubhouse as a front for infecting PCs with malware. And they have been meeting this objective by running fake ads on Facebook.

Facebook currently has around 2.8 billion regular users, so the potential for success with this attack is large. Therefore, you need to be aware of what to look out for.

Fake Ads on Facebook

The promise of these fake ads on Facebook was simple: a Clubhouse app is now available for PCs, so get it now. It was an announcement which caught the eye of many PC users. But, unfortunately, there was no Clubhouse app for the PC. Instead, clicking the ad would take the user to a malicious website pretending to be an official Clubhouse page. On this page there was a download link for an app, but it was not Clubhouse; there would be no opportunity for social media activities on the malicious app. Once it was opened it would connect the victim to a remote server which then proceeded to download malware (including ransomware) onto the PC.

Combatting Fake Ads

Malvertising has been a common hacking strategy for some time now, but it is not one that many people are familiar with. And, given the size and scale of Facebook, it is surprising that their platform is open to such abuse. However, it is this size which makes it such an attractive proposition to hackers. If just 0.5% of Facebook’s audience fall for a scam then it’s a significant hit. Thankfully, this Clubhouse scam appeared to deactivate as soon as it was discovered. The malicious app no longer connects to a remote server and now only returns an error message. But it’s important that you know what you’re clicking on when you’re online.

In an ideal world, Facebook would fully vet every single advert submitted to its system. But this is impossible due to the sheer numbers involved. Besides, an ad can easily be altered after it has been accepted onto the platform. Therefore, it pays to carry out these best practices:

  • Verify Ad Destinations: Depending on which browser you use, you should be able to view where an ad will send you before clicking on it. Often, hovering over it is enough to display the destination within your browser. Alternatively, you can right-click an ad and select “Copy link address” before pasting it into a program such as Notepad. If there is something suspicious about this link – such as a name which doesn’t match the promised destination – then don’t click the advert.
  • Run Antivirus Software: It’s crucial that you install antivirus software on your PC, particularly one that runs in real-time. These apps may not stop you clicking on infected adverts, but they can identify infected software. Accordingly, the malicious Clubhouse app would be detected and immediately quarantined.
  • Use an Ad-Blocker: An ad-blocker will block all the ads on a webpage, so this completely eliminates the risk of clicking on a malicious ad. This may sound perfect, but bear in mind that some websites may not run properly when an ad-blocker is used. In fact, many websites may not allow you to gain access to their content as a result. Luckily, websites that you trust can be listed as exceptions within the software.
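The manual checks in the “Verify Ad Destinations” item above, and in the “Check All Emails” and “Verify Links” items of the Prometheus post earlier on this page (a sender address such as security@micros0ft.com, a link whose text reads www.bankofamerica.com but points somewhere else), can be automated over an HTML email body or page. The following Python is an added example and not code from the original posts; the TRUSTED_DOMAINS list, the digit-for-letter swap table and SAMPLE_EMAIL are constructed for the demonstration, and it goes slightly beyond the posts by also catching a trusted name used as a leading label of a longer hostname.

```python
"""Automated form of the "verify links" / "verify ad destinations" advice.

Added example, not code from the original posts. TRUSTED_DOMAINS, the
homoglyph table and SAMPLE_EMAIL are constructed for this demonstration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the organisation treats as legitimate (constructed sample list).
TRUSTED_DOMAINS = {"microsoft.com", "bankofamerica.com"}

# Digit-for-letter swaps commonly used to build lookalike names (micros0ft).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

# Anchor text that itself looks like a domain or URL, e.g. www.bankofamerica.com
DOMAIN_TEXT = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?$", re.I)


def strip_www(host):
    return host[4:] if host.startswith("www.") else host


def host_of(text):
    """Host part of a URL, or of a bare 'www.example.com' string."""
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def lookalike_of(host):
    """Return the trusted domain that `host` imitates, or None.

    A trusted domain itself (or one of its subdomains) is not a lookalike.
    Two imitation styles are caught: digit-for-letter swaps (micros0ft.com)
    and the trusted name used as a leading label (microsoft.com.evil.net)."""
    host = strip_www(host.lower().rstrip("."))
    for trusted in TRUSTED_DOMAINS:
        if host == trusted or host.endswith("." + trusted):
            return None
    normalised = host.translate(HOMOGLYPHS)
    for trusted in TRUSTED_DOMAINS:
        if normalised == trusted or normalised.startswith(trusted + "."):
            return trusted
    return None


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html):
    """Findings as (kind, real_host, detail) for every suspicious anchor.

    kind is "mismatch" when the visible text names a different host than the
    href, and "lookalike" when the real destination imitates a trusted domain."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        if DOMAIN_TEXT.match(text):
            shown = host_of(text)
            if strip_www(shown) != strip_www(real):
                findings.append(("mismatch", real, f"text shows {shown}"))
        imitated = lookalike_of(real)
        if imitated:
            findings.append(("lookalike", real, f"imitates {imitated}"))
    return findings


def check_sender(address):
    """Trusted domain an e-mail sender address imitates, or None."""
    return lookalike_of(address.rsplit("@", 1)[-1])


# Constructed phishing-style HTML body with three links: one whose text lies
# about its destination, one pointing at a lookalike domain, and one genuine.
SAMPLE_EMAIL = (
    '<p>Your account will be locked. Confirm at '
    '<a href="http://secure-update.example.net/login">www.bankofamerica.com</a> '
    'or <a href="https://micros0ft.com/account">click here</a>. '
    'Help: <a href="https://www.microsoft.com/account">https://www.microsoft.com</a></p>'
)

if __name__ == "__main__":
    for finding in check_links(SAMPLE_EMAIL):
        print(*finding)
    print(check_sender("security@micros0ft.com"))
```

The mismatch test only fires when the visible text is itself domain-shaped, since “click here” makes no claim about where it leads; the lookalike test is what catches that second link. The swap table is deliberately small and should be extended with the substitutions seen in your own phishing reports.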

For more ways to secure and optimize your business technology, contact your local IT professionals.
