Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices

SUMMARY :

A malicious botnet called Socks5Systemz is operating a proxy service named PROXY.AM, utilizing over 85,000 compromised devices. The botnet, active since 2013, aims to turn infected systems into proxy exit nodes for cybercriminals seeking to obscure their attack sources. Initially boasting around 250,000 machines, the botnet's size has decreased due to a loss of control and subsequent rebuilding. PROXY.AM offers 'elite, private, and anonymous proxy servers' for monthly fees ranging from $126 to $700. The botnet primarily affects countries like India, Indonesia, Ukraine, and Algeria. This revelation follows recent discoveries of similar malware-powered proxy services, highlighting the ongoing threat of botnets and proxy abuse in cybercrime activities.

OPENCTI LABELS :

privateloader,amadey,botnet,cybercrime,smokeloader,socks5systemz,proxy service,exit nodes,hacked devices,proxy.am


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices