- ‘Operation Lightning’ dismantles SocksEscort proxy botnet
- More than 369,000 routers and IoT devices compromised in 163 countries
- Law enforcement confiscated domains, servers and $3.5 million in cryptocurrencies
An international law enforcement campaign called “Operation Lightning” took down SocksEscort, a malicious residential proxy network that comprised thousands of devices and defrauded people out of millions of dollars.
A malicious residential proxy is a service that routes Internet traffic through real home devices and IP addresses that were previously infected by malware. Attackers use these proxies to hide their true location and appear as normal online users, helping them evade security systems and engage in various malicious activities such as credential stuffing, ad fraud, account takeover, and more.
A press release from Europol noted that SocksEscort compromised more than 369,000 routers and Internet of Things (IoT) devices in 163 countries, and offered its customers more than 35,000 proxy servers in recent years. The international law enforcement agency said Operation Lightning took down 34 domains and 23 servers in seven countries, while $3.5 million in cryptocurrencies was seized in the United States.
Infected with AVrecon
Discussing the many victims of SocksEscort, the U.S. Attorney’s Office for the Eastern District of California said a customer of a cryptocurrency exchange in New York was defrauded of $1 million, while a manufacturing company in Pennsylvania lost $700,000. Both current and former U.S. service members with Military Star cards were also defrauded of $100,000.
Europol said the compromised devices were infected with malware through a vulnerability “in residential modems of a specific brand,” without saying which brand it was.
A previous Krebs report said that criminals were deploying AVrecon malware against home and small office routers. The same report claimed that SocksEscort was 12 years old at the time, meaning it was 15 years old when it was finally taken down.
During its analysis, Black Lotus Labs described SocksEscort as “one of the largest botnets targeting small office/home office (SOHO) routers seen in recent history.”
Via The Register