The US says it’s dismantled a Russian botnet that compromised millions of devices and helped cybercriminals break into online accounts.
The botnet was available on the open internet, ostensibly as a proxy server from a provider named RSocks. But in reality, the platform supplied hackers with access to hijacked computers, according to the US Justice Department.
To create the botnet, the operators hijacked numerous connected devices across the globe, including internet routers, video-streaming hardware, smart garage door openers, Android devices, and Raspberry Pi computers.
Each of these devices was also assigned a unique IP address; they were owned by individuals, businesses, and public entities, such as a university, a hotel, a television studio, and an electronics manufacturer.
The owners of RSocks then rented out access to the hijacked devices to cybercriminals through monthly subscriptions that ranged from a few dollars per day to $200 for 2,000 proxies. “The customer could then route malicious internet traffic through the compromised victim devices to mask or hide the true source of the traffic,” the Justice Department said.
According to federal investigators, the botnet facilitated cybercrimes that often involved trying to break into people’s online accounts through password-guessing attacks. In other cases, hackers used the botnet to spread malware and phishing emails to victims.
The FBI first uncovered the botnet back in 2017 when it identified approximately 325,000 compromised devices that were part of the RSocks botnet. The Justice Department added: “Through analysis of the victim devices, investigators determined that the RSocks botnet compromised the victim device by conducting