Security News > 2021 > September > Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns
Threat actors are capitalizing on the growing popularity of proxyware platforms like Honeygain and Nanowire to monetize their own malware campaigns, once again illustrating how attackers are quick to repurpose and weaponize legitimate platforms to their advantage.
"Malware is currently leveraging these platforms to monetize the internet bandwidth of victims, similar to how malicious cryptocurrency mining attempts to monetize the CPU cycles of infected systems," researchers from Cisco Talos said in a Tuesday analysis.
Proxyware, also called internet-sharing applications, are legitimate services that allow users to carve out a percentage of their internet bandwidth for other devices, often for a fee, through a client application offered by the provider, enabling other customers to access the internet using the internet connections offered by nodes on the network.
In one instance observed by Cisco Talos, attackers were found using the proxyware applications to monetize victims' network bandwidth to generate revenue as well as exploit the compromised machine's CPU resources for mining cryptocurrency.
Another case involved a multi-stage malware campaign that culminated in the deployment of an info-stealer, a cryptocurrency mining payload, as well as proxyware software, underscoring the "Varied approaches available to adversaries," who can now go beyond cryptojacking to also plunder valuable data and monetize successful infections in other ways.
Even more concerningly, researchers detected malware that was used to silently install Honeygain on infected systems, and register the client with the adversary's Honeygain account to profit off the victim's internet bandwidth.