Metprom Group
| Primary URL | Location | Industry | Technology |
|---|---|---|---|
| metprom[.]ru | Country: Russia | | |
Profile
Metprom Group, also known by its alias, is a threat actor entity based in Russia that focuses on the creation and dissemination of information-stealing malware. Its most publicized activity involves the XLoader botnet, a malware strain designed to exfiltrate data from both Windows and macOS systems. The group's core product is the XLoader payload, which is distributed through various infection vectors to compromise victim endpoints. By concentrating on stealthy data theft, Metprom Group serves the underground market for credential and financial information, and this focus defines its operational scope within the cybercrime ecosystem.
A distinguishing attribute of Metprom Group is its use of probability-based evasion techniques within the XLoader botnet to obscure its command-and-control (C2) infrastructure. During each communication attempt, the malware overwrites eight randomly selected domains drawn from a pool of sixty-four, so the C2 list is continually shifting. This dynamic domain rotation reduces the effectiveness of static IP blocking and complicates efforts by researchers to track or disrupt the botnet. The approach enhances the group's operational resilience by preventing the loss of infrastructure nodes while obscuring its footprint. Metprom Group's headquarters are located in Russia, anchoring its activities to that geographic region.
