Security News
The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks. [...]
At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an...
A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight. "Proxy malware and services enable other types of criminal activity...
The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen...
Security researchers are warning that China-linked state-backed hackers are increasingly relying on a vast proxy server network created from virtual private servers and compromised online devices for cyberespionage operations. Called operational relay box networks, these proxy meshes are administered by independent cybercriminals that provide access to multiple state-sponsored actors.
Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks,...
A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called...
A new variant of "TheMoon" malware botnet has been spotted infecting thousands of outdated small office and home office routers and IoT devices in 88 countries. Black Lotus Labs researchers monitoring the latest TheMoon campaign, which started in early March 2024, have observed 6,000 ASUS routers being targeted in under 72 hours.
As recently released research by HUMAN Security's Satori Threat Intelligence team has revealed, researchers Google removing a single free VPN app from its Play Store due to it making devices part of a proxy network used for ad fraud revealed a more widespread problem: the library responsible for the proxy node enrollment has subsequently been found in many more apps, as well as one mobile software development kit. "The LumiApps SDK is available freely for anyone to incorporate into their apps, and they advertise it as a way to make money from your app without resorting to ads. If a developer wanted to monetize their app, they could certainly consider using LumiApps and be unaware of what the code was doing in the background, enrolling the device of the user as a node in a residential proxy network without the user's knowledge. Since the SDK is freely available on the LumiApps website, and advertised both on the dark web and on social media sites, anyone can build it into their apps if they register for an account."
Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware. "Attackers can use this type of malware to...