Proxyware Platforms Increasingly Targeted by Cybercriminals


Level 76
Content Creator
Malware Hunter
Aug 17, 2014
Proxyware platforms are increasingly targeted in cybercrime operations aimed at distributing malware or at monetizing the internet bandwidth of victims, according to Cisco’s Talos research and intelligence unit.

With the help of proxyware platforms, users can share their unused Internet bandwidth. For that, they download and install a client application that joins their system to a network operated by the platform provider, which sells access to the network to other users who want to circumvent certain restrictions.

While users typically join proxyware networks for monetary gain, the use of such platforms comes with multiple security risks, including the possible interception of unencrypted traffic, or service degradation due to being banned on certain online services.

Despite such issues, the popularity of these platforms has increased rapidly over the past several years, with hundreds of thousands of users already joining them.

Legitimate users, however, aren’t the only ones to show increasing interest in proxyware platforms. Talos security researchers say they have seen numerous malware campaigns specifically targeting the users of these services.

The researchers observed several malware campaigns in which trojanized installers for proxyware applications are used to distribute RATs, information stealers, and other types of malware. In other campaigns, threat actors distribute proxyware applications to abuse the victims' network bandwidth for generating revenue, or to distribute cryptominers while also monetizing the network bandwidth.

Typically, the malicious installers drop the legitimate application to avoid raising suspicion. In the background, however, they also install malware. In some cases, the cybercriminals distribute malware that installs proxyware and attempts to register devices using the attacker’s account.

In some instances, Talos’ researchers saw attempts to use multiple methods for monetizing successful infections, such as a multi-stage malware campaign delivering an information stealer, malware to mine for cryptocurrency, and a proxyware application to generate revenue.