A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service


Level 75
Content Creator
Malware Hunter
Aug 17, 2014
Multiple cybercriminal groups are leveraging a malware-as-a-service (MaaS) solution to distribute a wide range of malicious software distribution campaigns that result in the deployment of payloads such as Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish against individuals in Belgium as well as government agencies, companies, and corporations in the U.S.

Dubbed "Prometheus TDS" (short for Traffic Direction System) and available for sale on underground platforms for $250 a month since August 2020, the service is designed to distribute malware-laced Word and Excel documents and divert users to phishing and malicious sites, according to a Group-IB report shared with The Hacker News.

More than 3,000 email addresses are said to have been singled out via malicious campaigns in which Prometheus TDS was used to send malicious emails, with banking and finance, retail, energy and mining, cybersecurity, healthcare, IT, and insurance emerging the prominent verticals targeted by the attacks.

"Prometheus TDS is an underground service that distributes malicious files and redirects visitors to phishing and malicious sites," Group-IB researchers said. "This service is made up of the Prometheus TDS administrative panel, in which an attacker configures the necessary parameters for a malicious campaign: downloading malicious files, and configuring restrictions on users' geolocation, browser version, and operating system."