AT&T Alien Labs Uncovers Expansive Campaign: Windows Machines Ensnared in Proxy Service Scheme

AT&T Alien Labs' team of researchers has unearthed a colossal threat campaign that deploys a proxy server application onto Windows devices. A particular company is capitalizing on this by charging for proxy services that utilize the traffic flowing through these compromised machines. This discovery builds upon previous research about Mac systems being manipulated into proxy exit nodes by AdLoad.

In this extensive investigation, Alien Labs pinpointed a company engaged in offering proxy services. These services involve rerouting proxy requests through breached systems, which have been covertly transformed into residential exit nodes due to malicious software infiltration. Contrary to the proxy website's claims that exit nodes are sourced exclusively from consenting users, Alien Labs has uncovered evidence that malware creators are stealthily installing the proxy in infected systems. Further complicating matters, the proxy application is signed, allowing it to evade anti-virus detection and slip past the watchful eyes of security firms.

This follow-up article delves into the alarming escalation in Windows malware, which is now delivering identical payloads to forge a staggering 400,000-strong proxy botnet. The findings shed light on a complex and evolving threat landscape, underscoring the need for vigilance and robust cybersecurity measures.
