Crooks Turn Thousands of Devices into Proxies


Criminals Increasingly Leverage Innocent Devices for Illicit Activities

Criminals are becoming more sophisticated in their efforts to anonymize their illegal online operations, utilizing the unwitting devices of numerous users. Recent reports highlight this alarming trend, shedding light on the widespread use of home and office networking equipment for criminal purposes. Understanding the methods and implications of these actions is crucial for combating cybercrime effectively.

TheMoon Malware Network Expands with Infected Routers

Security researchers from Lumen Labs have uncovered a concerning development involving the deployment of malware known as TheMoon across a network of compromised devices. The malicious code, which dates from as early as 2014, has evolved to infect various router models over the years, enabling its creators to expand their operations globally. The recent discovery of over 40,000 infected routers across 88 countries, with an additional 1,000 devices being added each day, highlights the scale and persistence of this threat.

Of particular concern is the revelation that TheMoon is enrolling most of these compromised devices in “Faceless,” a shadowy service designed to obfuscate criminal activities online. This allows threat actors to circumvent conventional detection methods and enhances their ability to engage in unlawful behavior undetected.

Security experts emphasize the challenges posed by such compromised devices, especially in the United States, where the majority of Faceless bots are located. This concentration suggests a significant threat to organizations, particularly in the financial sector, with concerns centered around potential data breaches and unauthorized access.


Proxy Networks on Google Play Conceal Malicious Intent

Meanwhile, researchers at Satori Intelligence have uncovered a separate scheme involving the distribution of 28 applications on Google Play that secretly enroll users’ devices into a proxy network, facilitating illicit activities. These apps, derived from the dismantled Oko VPN service, have resurfaced under different guises, all contributing to a sprawling residential proxy network known as ProxyLib.

Through the exploitation of unsuspecting users, these applications extend the reach of criminal networks, emphasizing the need for vigilance and caution when downloading software. The proliferation of such apps underscores the persistent threat posed by malicious actors seeking to leverage legitimate platforms for nefarious ends.

Protecting Against Dangerous Networks

To safeguard against the threat of device compromise and involvement in illegal operations, users should adhere to essential security practices. This includes promptly updating devices, avoiding unsupported hardware, and limiting the installation of unfamiliar applications. By staying informed and exercising caution, individuals can mitigate the risk of falling victim to complex cyber schemes.

As cybercriminals continue to evolve their tactics, maintaining a proactive approach to cybersecurity is essential in safeguarding personal and organizational data against exploitation. By remaining vigilant and informed, users can play a crucial role in combating the growing threat of illicit online activities.


About Post Author

Chris Jones

Hey there! 👋 I'm Chris, 34 yo from Toronto (CA), I'm a journalist with a PhD in journalism and mass communication. For 5 years, I worked for some local publications as an envoy and reporter. Today, I work as 'content publisher' for InformOverload. 📰🌐 Passionate about global news, I cover a wide range of topics including technology, business, healthcare, sports, finance, and more. If you want to know more or interact with me, visit my social channels, or send me a message.