Malware, Endpoint/Device Security

Malware leveraged to create massive proxy botnet

BleepingComputer reports that threat actors have used malware to distribute and install proxy server apps on at least 400,000 Windows systems, creating a massive botnet that used the compromised systems as residential exit nodes. While the exit nodes were purported to have been obtained from users who had provided their consent, AT&T Alien Labs researchers discovered that the proxy had been stealthily installed on compromised systems. "In addition, as the proxy application is signed, it has no anti-virus detection, going under the radar of security companies," said AT&T Alien Labs researchers. Threat actors leveraged a hidden loader in cracked games and software to facilitate background installation of the proxy application, with the malware then delivering certain parameters that would enable the enrollment of the device in the botnet. "The proxy then continuously gathers vital information from the machine to ensure optimal performance and responsiveness. This includes everything from the process list and monitoring CPU to memory utilization and even tracking battery status," said the report.
