
"Customers of the criminal service paid for licences to abuse these infected devices, hiding their original IP addresses to engage in various criminal activities. Upon infection with the malware, the modems' owners would not be aware that their IP addresses were used for illegitimate activities."
"The SocksEscort botnet allegedly compromised more than 369,000 routers and Internet of Things devices in 163 countries, and that the infected routers have been disconnected from the service. SocksEscort was used to facilitate ransomware, distributed denial of service attacks, and the distribution of child sexual abuse material."
"This botnet posed a significant threat, as it was marketed exclusively to criminals. Notably, over half of its victims were located in the United States or the United Kingdom, enabling attackers to target these regions with particular focus."
A coordinated international law enforcement operation dismantled SocksEscort, a criminal proxy service built on a botnet of hacked routers and IoT devices. The botnet compromised more than 369,000 devices across 163 countries, with approximately 280,000 routers infected with AVRecon malware. Criminals paid for licenses to use these compromised devices to hide their IP addresses while committing various crimes including unauthorized bank and cryptocurrency account access, fraudulent unemployment claims, ransomware attacks, DDoS operations, and child sexual abuse material distribution. Device owners remained unaware their routers were being exploited. The operation resulted in disconnecting infected routers from the service and replacing the SocksEscort website with a seizure notice.
Read at TechCrunch