In order to obtain illegitimate revenue, cybercriminals are increasingly targeting internet connections. According to researchers, in the cybercrime arena, an approach involving the usage of proxyware is gaining acceptance.
Internet bandwidth is being sold
To make money illegally, attackers are now targeting internet-sharing via proxyware platforms like Honeygain and Nanowire.
- In exchange for a nominal fee, these services allow users to share a small portion of their internet bandwidth.
- To make more money, attackers have been seen installing digital currency miners and info-stealers.
- A malware family has been discovered by researchers that is distributing a patched version of the Honeygain client, info-stealer, and XMRig miner. It was later discovered to be delivering Nanowire clients.
- Platforms like Honeygain, for example, should limit the number of devices that can be connected to a single account. Attackers, on the other hand, can always create multiple accounts to expand their operational possibilities.
How does it work?
Commercializing excess bandwidth is a tremendously profitable business strategy for users, and it’s gaining appeal among attackers as well.
- In a typical attack campaign, the attacker discreetly installs malicious malware on the victim’s devices, which is bundled with genuine proxyware client software.
- After that, the malware family tries to install proxyware on the victim’s computer.
- It then registers the software under an account created by the attackers in order to pay the attackers a referral incentive.
- When the proxyware client is activated, it begins selling the victim’s bandwidth without their knowledge.
In some scenarios, hackers may even patch the client to prevent any warnings from alerting the victim.
Proxyware services could herald the emergence of a new threat category, comparable to crypto jacking. The threat allows attackers to take advantage of the extra capacity without leaving any evidence for victims. Furthermore, attackers can easily prey on real users who are prepared to donate their resources via proxyware services without raising any performance concerns.
To read more, please check eScan Blog
