Massive 400,000 proxy botnet built with stealthy malware infections (August 2023)
Researchers have uncovered a massive campaign that delivered proxy server apps to at least 400,000 Windows systems.
Some proxy companies sell access to residential proxies and offer monetary rewards to users who agree to share their bandwidth.
In a report today, AT&T Alien Labs says that the 400,000-node proxy network was built by using malicious payloads that delivered the proxy application.
Despite the company behind the botnet claiming that users gave their consent, the researchers discovered that the proxy was installed silently on the devices.
"Although the proxy website claims that its exit nodes come only from users who have been informed and agreed to the use of their device, Alien Labs has evidence that malware writers are installing the proxy silently in infected systems," says AT&T Alien Labs.
During the installation of the proxy client, the malware sends specific parameters, which are also relayed to the command and control server so that the new client can be registered and incorporated into the botnet.