1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Use Windows? You might be part of a malicious proxy network

    From TechnologyDaily@1337:1/100 to All on Thu Aug 17 10:15:04 2023
    Use Windows? You might be part of a malicious proxy network

    Date:
    Thu, 17 Aug 2023 10:00:45 +0000

    Description:
    A malware was adding Windows devices to a botnet, while its operators claim
    no foul play.

    FULL STORY ======================================================================

    Your computer may be part of a major proxy service without you even knowing. To make matters worse, someone out there is getting paid to offer these IP addresses, and the bandwidth, to their customers.

    These are the findings of AT&T Alien Labs, published earlier this week. As reported by BleepingComputer, a threat actor created a piece of malware and distributed it through game cracks and other illegal software.

    The malware silently downloads and installs a proxy application, without user knowledge or consent. Antivirus programs werent flagging the proxy
    application as malicious, either. Hundreds of thousands of victims

    When the installation is complete, the infected endpoint becomes part of a proxy network which the malwares operators then sold as a proxy service to
    its clients and customers. Apparently, more than 400,000 Windows systems were compromised this way. Read more

    Botnets responsible for nearly all malicious web traffic


    A fearsome new botnet is rapidly gaining momentum


    These are the best firewalls

    To make matters worse, the company behind the botnet claims that all of the victims gave their consent, and willingly became part of the proxy infrastructure. However, researchers at Alien Labs beg to differ:

    "Although the proxy website claims that its exit nodes come only from users who have been informed and agreed to the use of their device, Alien Labs has evidence that malware writers are installing the proxy silently in infected systems."

    They added, as the proxy application is signed, it has no anti-virus detection, going under the radar of security companies."

    While we dont know the name of the threat actors behind the campaign, the researchers said its almost identical to an earlier campaign targeting macOS systems. In that campaign, a malware named AdLoad was being distributed.

    To double-check whether your device was compromised, AT&Ts researcher says users should look for a Digital Pulse executable located at "%AppData%\", or
    a similar Registry key found in "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\." and remove it. These are the best malware removal tools right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/a-massive-proxy-network-has-been-secrec tly-built-in-windows-systems


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)