Security News > 2023 > August > This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers
Threat actors are leveraging access to malware-infected Windows and macOS machines to deliver a proxy server application and use them as exit nodes to reroute proxy requests.
According to AT&T Alien Labs, the unnamed company that offers the proxy service operates more than 400,000 proxy exit nodes, although it's not immediately clear how many of them were co-opted by malware installed on infected machines without user knowledge and interaction.
"Although the proxy website claims that its exit nodes come only from users who have been informed and agreed to the use of their device," the cybersecurity company said it found evidence where "Malware writers are installing the proxy silently in infected systems."
"The monetization of malware propagating proxy servers through an affiliate program is troublesome, as it creates a formal structure to increase the speed at which this threat will spread," security researcher Ofer Caspi said.
"The rise of malware delivering proxy applications as a lucrative investment, facilitated by affiliate programs, highlights the cunning nature of adversaries' tactics. These proxies, covertly installed via alluring offers or compromised software, serve as channels for unauthorized financial gains."
"A combination of the increasing use of macOS in corporate environments, the high potential earnings of threat actors willing and able to target macOS and the surging demand for macOS tools and wares suggest this trend will continue."
News URL
https://thehackernews.com/2023/08/this-malware-turned-thousands-of-hacked.html
Related news
- TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service (source)
- Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware (source)
- DinodasRAT malware targets Linux servers in espionage campaign (source)
- Detecting Windows-based Malware Through Better Visibility (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Microsoft: Copilot ‘app’ on Windows Server mistakenly added by Edge (source)
- Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware (source)
- Researchers sinkhole PlugX malware server with 2.5 million unique IPs (source)
- New Wpeeper Android malware hides behind hacked WordPress sites (source)
- Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers (source)