Resurgence of the Prometei botnet

Intel Name: Resurgence of the Prometei botnet

Date of Scan: June 23, 2025

Impact: High

Summary:
Our researchers have observed a new wave of Prometei botnet activity. Prometei refers to both the malware family and the botnet infrastructure used to remotely control compromised Linux and Windows systems for Monero mining and credential theft. This report highlights the resurgence of the Linux variant, which is still under active development and now includes new modules and capabilities. Recent versions feature a backdoor for expanded malicious activity, employ domain generation algorithms (DGAs) for C2 communication, and include self-updating functions for stealth.
