Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Use Windows? You might be part of a malicious proxy network

Proxy

Your computer may be part of a major proxy service without you even knowing. To make matters worse, someone out there is getting paid to offer these IP addresses, and the bandwidth, to their customers.

These are the findings of AT&T Alien Labs, published earlier this week. As reported by BleepingComputer, a threat actor created a piece of malware and distributed it through game cracks and other illegal software. 

The malware silently downloads and installs a proxy application, without user knowledge or consent. Antivirus programs weren’t flagging the proxy application as malicious, either.

Hundreds of thousands of victims

When the installation is complete, the infected endpoint becomes part of a proxy network which the malware’s operators then sold as a proxy service to its clients and customers. Apparently, more than 400,000 Windows systems were compromised this way. 

To make matters worse, the company behind the botnet claims that all of the victims gave their consent, and willingly became part of the proxy infrastructure. However, researchers at Alien Labs beg to differ: 

"Although the proxy website claims that its exit nodes come only from users who have been informed and agreed to the use of their device, Alien Labs has evidence that malware writers are installing the proxy silently in infected systems."

They added, “as the proxy application is signed, it has no anti-virus detection, going under the radar of security companies."

While we don’t know the name of the threat actors behind the campaign, the researchers said it’s almost identical to an earlier campaign targeting macOS systems. In that campaign, a malware named AdLoad was being distributed. 

To double-check whether your device was compromised, AT&T’s researcher says users should look for a “Digital Pulse” executable located at "%AppData%\", or a similar Registry key found in "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\." and remove it.

Via: BleepingComputer

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.