Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices
Dec. 9, 2024, 6:02 p.m.
Description
A malicious botnet called Socks5Systemz is operating a proxy service named PROXY.AM, utilizing over 85,000 compromised devices. The botnet, active since 2013, aims to turn infected systems into proxy exit nodes for cybercriminals seeking to obscure their attack sources. Initially boasting around 250,000 machines, the botnet's size has decreased due to a loss of control and subsequent rebuilding. PROXY.AM offers 'elite, private, and anonymous proxy servers' for monthly fees ranging from $126 to $700. The botnet primarily affects countries like India, Indonesia, Ukraine, and Algeria. This revelation follows recent discoveries of similar malware-powered proxy services, highlighting the ongoing threat of botnets and proxy abuse in cybercrime activities.
Date
Published: Dec. 9, 2024, 1:12 p.m.
Created: Dec. 9, 2024, 1:12 p.m.
Modified: Dec. 9, 2024, 6:02 p.m.
Attack Patterns
Socks5Systemz
Amadey - S1025
SmokeLoader
PrivateLoader
T1583
T1572
T1590
T1071
T1219
T1204
T1584
T1133
T1090
Additional Information
British Indian Ocean Territory
Nigeria
Algeria
Egypt
Colombia
Bangladesh
India
Argentina
Thailand
Indonesia
Morocco
Philippines
Mexico
Pakistan
Ukraine
Brazil
United States of America
Russian Federation