Prometei botnet improves modules and exhibits new capabilities in recent updates

The notorious Prometei botnet has recently made major improvements to its modules and exhibited new capabilities. Prometei, a Linux-based malware, has been active since at least 2019 and is believed to be operated by the same group behind the Zeus and Kasidet botnets.

In a recent update, the botnet has incorporated several new capabilities, including improved encryption and communication protocols, an improved distributed denial-of-service (DDoS) module, and an improved command-and-control (C2) system. The new encryption protocol is believed to make it more difficult for security researchers to monitor and analyze its activities.

The DDoS module has been improved to allow Prometei to launch more sophisticated attacks. For example, it is now capable of performing layer 7 (application-layer) DDoS attacks, which target specific types of traffic rather than simply saturating bandwidth. The botnet has also been observed using a custom protocol for C2 communication, which is believed to make it harder for network defenders to detect and block Prometei’s traffic.

It is likely that Prometei will continue to evolve and become more sophisticated. Security researchers are advised to pay close attention to the botnet’s activity in order to protect networks from it.

