AT&T Alien Labs Uncovers Expansive Campaign: Windows Machines Ensnared in Proxy Service Scheme


Published on Aug 21, 2023   —   3 min read


AT&T Alien Labs' team of researchers has uncovered a large threat campaign that deploys a proxy server application onto Windows devices. A company profits from this by charging for proxy services that route customer traffic through these compromised machines. This discovery builds upon previous research about Mac systems being turned into proxy exit nodes by AdLoad.

In this extensive investigation, Alien Labs pinpointed a company offering proxy services. These services route proxy requests through breached systems, which have been covertly turned into residential exit nodes by malware infections. Contrary to the proxy website's claim that exit nodes come exclusively from consenting users, Alien Labs has found evidence that malware authors are silently installing the proxy on infected systems. Compounding the problem, the proxy application is code-signed, which helps it evade anti-virus detection and scrutiny from security vendors.

This follow-up article examines the alarming escalation in Windows malware, which now delivers the same payload to build a proxy botnet of roughly 400,000 machines. The findings shed light on a complex and evolving threat landscape, underscoring the need for vigilance and robust cybersecurity measures.
