Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns

Monetize Malware
Share It On:

3rd September 2021, Kathmandu

Threat actors are capitalizing on the growing popularity of proxy war platforms like Honeygain and Nanowire to monetize their own malware campaigns, once again illustrating how assailants are expeditious to repurpose and weaponize legitimate platforms to their advantage.

“Malware is currently leveraging these platforms to monetize the cyber world bandwidth of victims, kindred to how malignant cryptocurrency mining endeavors to monetize the CPU cycles of infected systems,” researchers from Cisco Talos verbally expressed in a Tuesday analysis. “In many cases, these applications are featured in multi-stage, multi-payload malware attacks that provide adversaries with multiple monetization methods.”

Proxyware, withal called internet-sharing applications, are legitimate accommodations that sanction users to carve out a percentage of their cyberspace bandwidth for other contrivances, often for a fee, through a client application offered by the provider, enabling other customers to access the cyber world utilizing the cyber world connections offered by nodes on the network. For consumers, such accommodations are “advertised as an expedient to circumvent geolocation checks on streaming or gaming platforms while engendering some income for the utilizer offering up their bandwidth,” the researchers expounded.

But the illicit utilization of proxy war withal introduces a multitude of perils in that they could sanction threat actors to obfuscate the source of their assailants, thereby not only giving them the competency to perform malignant actions by making it appear as if they are originating from legitimate residential or corporate networks but additionally render ineffective conventional network bulwarks that rely on IP-predicated blocklists.

“The same mechanisms currently used to monitor and track Tor exit nodes, “innominate” proxies, and other prevalent traffic obfuscation techniques do not currently subsist for tracking nodes within these proxy wars networks,” the researchers noted.

That’s not all. Researchers identified several techniques adopted by deplorable actors, including trojanized proxy war installers that sanction for surreptitious distribution of information purloiners and remote access trojans (RATs) without the victims’ erudition. In one instance optically canvassed by Cisco Talos, assailers were found utilizing the proxy war applications to monetize victims’ network bandwidth to engender revenue as well as exploit the compromised machine’s CPU resources for mining cryptocurrency.

Another case involved a multi-stage malware campaign that culminated in the deployment of an info-purloiner, a cryptocurrency mining payload, as well as proxy wars software, underscoring the “varied approaches available to adversaries,” who can now transcend cryptojacking to additionally plunder valuable data and monetize prosperous infections in other ways.

Even more concerningly, researchers detected malware that was acclimated to mutely install Honeygain on infected systems, and register the client with the adversary’s Honeygain account to profit off the victim’s internet bandwidth. This additionally betokens that an assailer can sign up for multiple Honeygain accounts to scale their operation predicated on the number of infected systems under their control.

“For organizations, these platforms pose two essential quandaries: The abuse of their resources, ineluctably being blocklisted due to activities they don’t even control and it increments organizations’ assailment surface, potentially engendering an initial attack vector directly on the endpoint,” the researchers concluded. “Due to the sundry risks associated with these platforms, it is recommended that organizations consider proscribing the utilization of these applications on corporate assets.”


Share It On:

Recent Posts

FNCCI President Dhakal Pledges Support For Syangja’s Orange and Tourism Promotion

FNCCI President Dhakal Pledges Support For Syangja’s Orange and Tourism

Share It On:16th October 2024, Kathmandu President of the Federation of Nepalese Chambers of Commerce and Industry (FNCCI), Chandra Prasad

Global IME Bank and Mahalaxmi Bikas Bank Partner For Non-Fund Based Banking Services

Global IME Bank and Mahalaxmi Bikas Bank Partner For Non-Fund

Share It On:16th October 2024, Kathmandu Global IME Bank Limited and Mahalaxmi Bikas Bank have agreed to provide non-fund-based banking

Nepali Women+ in Computing to Host Next Educated Session on “Senior Data Analyst” With Diksha Shrestha

Nepali Women+ in Computing to Host Next Educated Session on

Share It On:16th October 2024, Kathmandu Nepali Women+ in Computing (NWiC), an AnitaB.org Systers Affinity group, is set to host

Top 10 Most Popular AI Packages of 2024: Streamline AI Development

Top 10 Most Popular AI Packages of 2024: Streamline AI

Share It On:16th October 2024, Kathmandu As AI innovation accelerates, organizations are facing challenges related to the high costs of

Building For Billing: Navigating The Complexities Of U.S. Healthcare System

Building For Billing: Navigating The Complexities Of U.S. Healthcare System

Share It On:16th October 2024, Kathmandu “Explore the complexities of the U.S. healthcare system and the crucial role of medical

Great Himalayan Odyssey: Nepali Riders Conquer Umling La on Bajaj Dominar 400

Great Himalayan Odyssey: Nepali Riders Conquer Umling La on Bajaj

Share It On:15th October 2024, Kathmandu A historic journey is about to unfold as a group of 9 Bajaj Dominar