Prometheus TDS (Traffic Direction System) is a Malware-as-a-Service (MaaS) offering that has been advertised on underground forums since August 2020, described as a platform that can send emails, handle traffic, and assist with social engineering.
The TDS can also be used for web shell validation and redirect creation; its administration panel can operate through a proxy, supports Google accounts, and can check users against blocklists. The service is offered at $250 per month, Group-IB's researchers found.
Besides distributing malicious files, the service is being used to redirect victims to phishing and malicious websites. The first campaign using Prometheus TDS was identified in the spring of 2021, with additional active campaigns observed since, for a total of more than 3,000 victims identified to date.
The service consists of an administrative panel that lets attackers configure various parameters for their malicious campaigns, including the download of malicious files, and set restrictions by geolocation, browser, and operating system.
Third-party infected websites are used as the intermediary between the administrative panel and the victim. On these sites, Group-IB's security researchers found a PHP file named Prometheus.Backdoor that is designed to collect and transmit information about the visitor.
Based on analysis of this data, the panel decides whether to serve a payload to the victim or redirect them to a specified URL.
The service has been used to send malicious emails to more than 3,000 addresses to date. The most active campaign targeted individuals in Belgium (more than 2,000 emails), while the second largest attack targeted US entities (more than 260 emails aimed at government agencies and organizations in sectors such as finance, insurance, healthcare, energy and mining, retail, IT, and cybersecurity).
A typical attack involving Prometheus TDS starts with a malicious email that delivers either an HTML file that redirects the victim to a compromised website, a link to a web shell that performs a redirect, or a link to a Google Doc containing a URL designed to redirect the user to a malicious website.
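The HTML-attachment vector described above is one a mail gateway can inspect before delivery: a decoy HTML file usually carries its redirect as a `meta refresh` tag or a JavaScript `location` assignment. The following is an added example (not code from the article or from Group-IB) that extracts those redirect destinations so they can be checked against reputation data or blocklists; the sample attachment and its hostnames are constructed for the example.

```python
"""Extract redirect targets from an HTML email attachment (added example)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample attachment; every hostname below is hypothetical.
SAMPLE_HTML = """<html><head>
<meta http-equiv="refresh" content="0; url=https://compromised.example/wp-content/x.php?id=1">
</head><body>
<script>
  setTimeout(function(){ window.location.href = "https://compromised.example/x.php"; }, 500);
  location.replace('https://redirector.example/r');
</script>
</body></html>"""


class MetaRefreshParser(HTMLParser):
    """Collect destinations from <meta http-equiv="refresh" content="N; url=..."> tags."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(("meta-refresh", m.group(1).strip()))


# Matches location = "...", window.location.href = "...", location.replace("..."),
# location.assign("...") with a literal string destination.
JS_REDIRECT = re.compile(
    r"(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*"
    r"(?:=|\.replace\(|\.assign\()\s*['\"]([^'\"]+)['\"]",
    re.I,
)


def extract_redirects(html):
    """Return [(mechanism, url), ...] in document order: meta tags first, then script literals."""
    parser = MetaRefreshParser()
    parser.feed(html)
    found = list(parser.targets)
    for m in JS_REDIRECT.finditer(html):
        found.append(("javascript", m.group(1)))
    return found


def redirect_hosts(html):
    """Distinct destination hosts, the values to check against blocklists or reputation data."""
    hosts = {urlparse(url).hostname for _, url in extract_redirects(html)}
    return sorted(h for h in hosts if h)


if __name__ == "__main__":
    for mechanism, url in extract_redirects(SAMPLE_HTML):
        print(f"{mechanism:13} {url}")
    print("hosts:", redirect_hosts(SAMPLE_HTML))
```

Obfuscated attachments that build the URL at runtime will not match the literal-string regex; an empty result from this check is therefore a reason to sandbox the attachment, not a clean verdict.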
When the victim follows the link, they are redirected to the Prometheus.Backdoor URL, where their data (including IP address, User-Agent, language, time zone, and Referer header) is collected and sent to the Prometheus TDS administration panel, which decides how to serve the next stage.
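Because the panel's decision is keyed on the visitor fingerprint, the same backdoor URL on a compromised site answers differently to different clients: targeted browsers get bounced to an off-site payload while a crawler or an analyst's Linux box gets an ordinary page. That split is visible in web or proxy logs. The following is an added example (not code from the article or from Group-IB) that groups requests by endpoint and flags URLs whose off-site redirects and normal responses go to disjoint sets of client fingerprints; the JSON-lines log, the hostnames and the paths are all constructed for the example.

```python
"""Flag fingerprint-dependent redirects in web logs (added example, constructed data)."""
import json
from collections import defaultdict
from urllib.parse import urlparse

# Constructed JSON-lines proxy log; hosts, paths and addresses are hypothetical.
LOG_LINES = """
{"client_ip": "203.0.113.10", "host": "compromised.example", "path": "/wp-content/uploads/prom.php", "status": 302, "location": "https://payload.example/Invoice.zip", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/91.0", "accept_language": "nl-BE,nl;q=0.9"}
{"client_ip": "203.0.113.11", "host": "compromised.example", "path": "/wp-content/uploads/prom.php", "status": 302, "location": "https://payload.example/Invoice.zip", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/89.0", "accept_language": "fr-BE,fr;q=0.8"}
{"client_ip": "198.51.100.7", "host": "compromised.example", "path": "/wp-content/uploads/prom.php", "status": 200, "location": null, "user_agent": "Mozilla/5.0 (X11; Linux x86_64) Chrome/91.0", "accept_language": "en-US,en;q=0.9"}
{"client_ip": "198.51.100.8", "host": "compromised.example", "path": "/wp-content/uploads/prom.php", "status": 200, "location": null, "user_agent": "curl/7.68.0", "accept_language": ""}
{"client_ip": "203.0.113.12", "host": "compromised.example", "path": "/blog/", "status": 200, "location": null, "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/91.0", "accept_language": "nl-BE"}
{"client_ip": "203.0.113.13", "host": "compromised.example", "path": "/login", "status": 302, "location": "https://compromised.example/account", "user_agent": "Mozilla/5.0 (Windows NT 10.0) Edge/91.0", "accept_language": "en-GB"}
""".strip().splitlines()

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def platform_of(user_agent):
    """Coarse OS bucket from the User-Agent, one of the attributes a TDS filters on."""
    ua = user_agent.lower()
    for needle, name in (("windows", "Windows"), ("android", "Android"),
                         ("iphone", "iOS"), ("mac os", "macOS"), ("linux", "Linux")):
        if needle in ua:
            return name
    return "Other"


def outcome_of(entry):
    """'offsite-redirect' when the response bounces the client to another host, else 'served'."""
    if entry["status"] in REDIRECT_STATUSES and entry.get("location"):
        if urlparse(entry["location"]).hostname != entry["host"]:
            return "offsite-redirect"
    return "served"


def find_conditional_redirects(lines):
    """Return {(host, path): {outcome: [fingerprints]}} for endpoints whose verdict
    depends on the client: both outcomes seen, and no fingerprint received both."""
    by_endpoint = defaultdict(lambda: defaultdict(set))
    for line in lines:
        e = json.loads(line)
        primary_lang = e["accept_language"].split(",")[0].lower()
        fingerprint = (platform_of(e["user_agent"]), primary_lang)
        by_endpoint[(e["host"], e["path"])][outcome_of(e)].add(fingerprint)

    findings = {}
    for endpoint, outcomes in by_endpoint.items():
        if "offsite-redirect" in outcomes and "served" in outcomes:
            # Same URL, opposite verdicts, and the verdict tracks the fingerprint:
            # the pattern of a TDS gate rather than an ordinary redirect.
            if outcomes["offsite-redirect"].isdisjoint(outcomes["served"]):
                findings[endpoint] = {k: sorted(v) for k, v in outcomes.items()}
    return findings


if __name__ == "__main__":
    for (host, path), outcomes in find_conditional_redirects(LOG_LINES).items():
        print(f"conditional redirect at https://{host}{path}")
        for outcome, fps in outcomes.items():
            print(f"  {outcome}: {fps}")
```

The practical caveat for analysts follows from the same logic: replaying a suspicious URL from a sandbox whose fingerprint does not match the campaign's targeting (wrong country, language or OS) will show the benign branch, so validation should use the victim's observed User-Agent, Accept-Language and egress region.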
On some infrastructure that once hosted Prometheus TDS, the researchers found an unknown panel that they eventually identified as the BRChecker service, an email address bruter/checker that first appeared on underground forums in 2018. As of May 2021, the service is offered at $490.