Once again, the threat actors have started exploiting an otherwise useful service against internet users. Researchers have noticed active abuse of proxyware services to spread trojanized installers, cryptominers, and execute other malicious activities.
Proxyware Services Abuse Spotted In The Wild
Researchers from Cisco Talos have found various instances where cybercriminals abuse Proxyware services.
Briefly, Proxyware constitutes services from various organizations allowing users to share their bandwidth with others. Such sharing in turn helps others evade location-based content restrictions. Whereas, such services typically help businesses in their routine activities, such as search engine optimization activities (especially for businesses) and obtaining residential proxies.
According to the details shared in their report, the researchers found malware abusing one such platform Honeygain. The malware bundles the installer with an XMRig crypto miner and an infostealer. Â In this way, it attempts at abusing usersâ€™ devices for stealth cryptomining alongside stealing data.
The same malware is seemingly evolving to target another Proxyware service, Nanowire, too.
Besides, the researchers also spotted other malware families distributing trojanized installers of otherwise legit services. In most cases, the malware bundled legit installers with trojans. Thus, the users wonâ€™t notice the stealth execution of malware when installing legit proxyware apps.
Apart from the usual damages to individual users, such malicious campaigns also pose threat to business. As stated by the researchers,
These applications pose significant privacy and operational risks to organizations as they may allow nefarious or abusive network traffic to appear as if it originates from their corporate networks resulting in reputational damages that may also lead to service disruption.
Moreover, any subsequent attacks originating from such Proxyware abuse would make it seem to originate from the usersâ€™ IP addresses. Such attacks may also get difficult to monitor and block since they would appear widespread globally.
Therefore, businesses should practice caution when opting for proxyware services alongside keeping their security teams vigilant. Whereas, security researchers need to devise ways to identify such abuse of legit services in case of malicious campaigns.