Botnet Exploits 85,000+ Devices for Illegal Proxy Service

The Socks5Systemz botnet is exploiting over 85,000 compromised devices to fuel an illegal proxy service called PROXY.AM. According to a recent report, the botnet converts infected systems into proxy exit nodes, enabling cybercriminals to mask the origins of their attacks.

The botnet has been active since 2016 but saw significant changes in December 2023. Its original version, Socks5Systemz V1, was dismantled, forcing its operators to rebuild from scratch with new command-and-control infrastructure. Despite this, it continues to thrive, maintaining up to 100,000 active nodes worldwide.

Countries with the highest number of infected devices include India, Indonesia, and Ukraine, among others. Victims unknowingly contribute to the botnet when their systems are infected with loaders like PrivateLoader, SmokeLoader, or Amadey. These tools distribute the malware, allowing attackers to replace old infections with updated versions.

PROXY.AM, the illegal proxy service powered by the botnet, markets itself as offering anonymous and private proxy servers. Packages range from $126 to $700 per month, catering to cybercriminals seeking anonymity for activities such as data theft, fraud, and further malware distribution.

Researchers emphasize that proxy services like this add layers of anonymity for attackers, complicating efforts to trace their activities. These botnets are a critical enabler of other cybercrimes, such as distributed denial-of-service (DDoS) attacks, credential theft, and cryptocurrency mining.

For example, another botnet, Gafgyt, targets misconfigured Docker Remote API servers to conduct DDoS attacks. Threat actors exploit weak SSH passwords and vulnerable cloud configurations to expand their reach. Studies reveal hundreds of exposed instances leaking sensitive credentials, creating opportunities for unauthorized access to cloud systems and APIs.

Preventing Botnet Infections

Preventing botnet infections requires strong cybersecurity practices. Regularly update and patch systems, configure cloud services securely, and monitor for unusual activity. Use robust passwords and multi-factor authentication to minimize vulnerabilities. Educating users about safe online behavior is equally critical in mitigating risks.

Proactive steps and awareness can significantly reduce exposure to malicious botnets and their cascading impacts on security.
