Security News

State hackers turn to massive ORB proxy networks to evade detection
2024-05-22 17:37

Security researchers are warning that China-linked state-backed hackers are increasingly relying on a vast proxy server network created from virtual private servers and compromised online devices for cyberespionage operations. Called operational relay box networks, these proxy meshes are administered by independent cybercriminals that provide access to multiple state-sponsored actors.

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks
2024-04-28 13:52

Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks,...

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy
2024-03-29 12:12

A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called...

TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service
2024-03-26 15:00

A new variant of "TheMoon" malware botnet has been spotted infecting thousands of outdated small office and home office routers and IoT devices in 88 countries. Black Lotus Labs researchers monitoring the latest TheMoon campaign, which started in early March 2024, have observed 6,000 ASUS routers being targeted in under 72 hours.

Apps secretly turning devices into proxy network nodes removed from Google Play
2024-03-26 10:13

As recently released research by HUMAN Security's Satori Threat Intelligence team has revealed, Google's removal of a single free VPN app from its Play Store, for making devices part of a proxy network used for ad fraud, exposed a more widespread problem: the library responsible for the proxy node enrollment has subsequently been found in many more apps, as well as one mobile software development kit. "The LumiApps SDK is available freely for anyone to incorporate into their apps, and they advertise it as a way to make money from your app without resorting to ads. If a developer wanted to monetize their app, they could certainly consider using LumiApps and be unaware of what the code was doing in the background, enrolling the device of the user as a node in a residential proxy network without the user's knowledge. Since the SDK is freely available on the LumiApps website, and advertised both on the dark web and on social media sites, anyone can build it into their apps if they register for an account."

Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software
2023-12-08 09:52

Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware. "Attackers can use this type of malware to...

New proxy malware targets Mac users through pirated software
2023-12-03 15:12

Cybercriminals are targeting Mac users with a new proxy trojan malware bundled with popular, copyrighted macOS software being offered on warez sites. Proxy trojan malware infects computers, turning them into traffic-forwarding terminals used to anonymize malicious or illegal activities such as hacking, phishing, and transactions for illicit goods.

Friday Squid Blogging: Unpatched Vulnerabilities in the Squid Caching Proxy
2023-11-17 22:01

In a rare squid/security post, here's an article about unpatched vulnerabilities in the Squid caching proxy. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Russian national pleads guilty to building now-dismantled IPStorm proxy botnet
2023-11-14 23:23

The FBI says it has dismantled another botnet and collared its operator, who admitted hijacking tens of thousands of machines around the world to create his network of nodes. Sergei Makinin, a Russian and Moldovan national, was cuffed in Florida in January and sent to Puerto Rico, where he pleaded guilty [PDF] in September, details of which were only publicized today by the US Department of Justice.

Socks5Systemz proxy service infects 10,000 systems worldwide
2023-11-05 15:17

A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000 infected devices. Socks5Systemz is detailed in a report by BitSight that clarifies that the proxy botnet has been around since at least 2016 but has remained relatively under the radar until recently.