Major SocksEscort proxy network powered by Linux malware taken down by FBI and other police forces


  • "Operation Lightning" dismantles SocksEscort proxy botnet
  • 369,000+ routers and IoT devices compromised across 163 countries
  • Law enforcement seized domains, servers, and $3.5M in crypto

An international law enforcement crackdown called “Operation Lightning” took down SocksEscort, a malicious residential proxy network which counted thousands of devices and defrauded people out of millions of dollars.

A malicious residential proxy is a service that routes a customer's internet traffic through real home devices and their IP addresses, devices that have been infected with malware without their owners' knowledge. Because the traffic then appears to come from an ordinary consumer connection rather than from a data centre or a known VPN range, it sails past IP-reputation and geolocation controls, which lets the proxy's customers hide their true location, look like normal users, and carry out credential stuffing, ad fraud, account takeover, and similar abuse.
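The following is an added example, not code from the article or from any SocksEscort-related tooling. It shows the practical consequence of the paragraph above for a defender: a per-IP failed-login limit never fires when each attempt arrives from a different compromised home router, while a username-centric signal (many failures for one account from many distinct IPs in a short window) still catches the same attack. The log lines, the IP addresses (documentation ranges), the usernames and the thresholds are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample auth log, not real traffic: "epoch ip username result".
# Each proxy exit IP is used only once or twice, which is exactly what a
# residential proxy pool lets an attacker do.
SAMPLE_LOG = """\
1700000000 203.0.113.10 alice FAIL
1700000001 198.51.100.7 alice FAIL
1700000002 192.0.2.55 alice FAIL
1700000003 203.0.113.44 alice FAIL
1700000004 198.51.100.90 alice FAIL
1700000005 192.0.2.13 alice FAIL
1700000006 203.0.113.201 alice OK
1700000007 203.0.113.10 bob OK
1700000008 198.51.100.7 bob FAIL
1700000009 192.0.2.55 carol OK
"""


def parse_log(text):
    """Turn the whitespace-separated log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append({"ts": int(ts), "ip": ip, "user": user, "ok": result == "OK"})
    return events


def per_ip_offenders(events, max_fails=5):
    """Classic per-source control: block an IP once it fails too often.
    Against a proxy pool every exit IP stays under the limit, so this
    returns an empty set for the sample log."""
    fails = defaultdict(int)
    for e in events:
        if not e["ok"]:
            fails[e["ip"]] += 1
    return {ip for ip, n in fails.items() if n >= max_fails}


def distributed_stuffing(events, min_fails=5, min_ips=4, window=300):
    """Username-centric signal: at least min_fails failures for one account
    from at least min_ips distinct IPs inside `window` seconds.
    Returns {username: sorted list of IPs in the widest matching window}."""
    by_user = defaultdict(list)
    for e in events:
        if not e["ok"]:
            by_user[e["user"]].append(e)
    flagged = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        lo = 0  # sliding window over this user's failures
        for hi in range(len(evs)):
            while evs[hi]["ts"] - evs[lo]["ts"] > window:
                lo += 1
            chunk = evs[lo:hi + 1]
            ips = {e["ip"] for e in chunk}
            if len(chunk) >= min_fails and len(ips) >= min_ips:
                flagged[user] = sorted(ips)  # later windows overwrite earlier ones
    return flagged


def takeover_candidates(events, flagged):
    """A success for a flagged account from an IP that never succeeded for
    that account before is the likely account-takeover moment; alert there
    rather than on the individual failures."""
    seen_ok = defaultdict(set)
    hits = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["ok"]:
            if e["user"] in flagged and e["ip"] not in seen_ok[e["user"]]:
                hits.append((e["user"], e["ip"]))
            seen_ok[e["user"]].add(e["ip"])
    return hits


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("per-IP blocklist:", per_ip_offenders(evs))
    flagged = distributed_stuffing(evs)
    print("distributed stuffing:", flagged)
    print("takeover candidates:", takeover_candidates(evs, flagged))
```

Run it and the per-IP blocklist comes back empty while "alice" is flagged with six distinct source IPs and one suspicious success. In production the same idea usually runs on top of a stream processor or SIEM rather than a Python list, and the thresholds need tuning per application, but the shift from counting per IP to counting per target account is what matters against residential proxy traffic.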

A Europol press release said SocksEscort had compromised more than 369,000 routers and Internet of Things (IoT) devices in 163 countries, and had offered its customers more than 35,000 proxies in recent years. The agency said Operation Lightning took down 34 domains and 23 servers in seven countries, and that $3.5 million in cryptocurrency was seized in the United States.


Infected with AVrecon

Discussing the many victims of SocksEscort, the US Attorney's Office for the Eastern District of California said a cryptocurrency exchange customer in New York was defrauded out of $1 million, while a manufacturing business in Pennsylvania lost $700,000. Both current and former US service members with Military Star cards were defrauded out of $100,000, as well.

Europol said the compromised devices were infected with malware, through a vulnerability “in the residential modems of a specific brand”, without saying which brand that was.

An earlier KrebsOnSecurity report said the crooks were deploying the AVrecon malware against small office and home office routers. The same report put SocksEscort's age at 12 years at the time of writing, which would make the service roughly 15 years old when it was finally taken down.

During its analysis, Black Lotus Labs described SocksEscort as “one of the largest botnets targeting small-office/home-office (SOHO) routers seen in recent history.”

Via The Register



Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
