Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab
X Cyber Group (XCyber?)
One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals, Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”), has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned. Prospero OOO has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. Last year, the French security firm Intrinsec detailed Prospero’s connections to bulletproof services advertised on Russian cybercrime forums under the names Securehost and BEARHOST (BEARHOST has been cultivating its reputation since at least 2019).
“If you need a server for a botnet, for malware, brute, scan, phishing, fakes and any other tasks, please contact us,” BEARHOST’s ad on one forum advises. “We completely ignore all abuses without exception, including SPAMHAUS and other organizations.”
Intrinsec found Prospero has courted some of Russia’s nastiest cybercrime groups, hosting control servers for multiple ransomware gangs over the past two years. Intrinsec said its analysis showed Prospero frequently hosts malware operations such as SocGholish and GootLoader, which are spread primarily via fake browser updates on hacked websites and often lay the groundwork for more serious cyber intrusions — including ransomware.