Russian RSocks botnet disrupted after hacking millions of devices

Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,256
Content source
https://www.bleepingcomputer.com/news/security/russian-rsocks-botnet-disrupted-after-hacking-millions-of-devices/
The U.S. Department of Justice has announced the disruption of the Russian RSocks malware botnet used to hijack millions of computers, Android smartphones, and IoT (Internet of Things) devices worldwide for use as proxy servers.

The law enforcement operation involved the FBI and police forces in Germany, the Netherlands, and the United Kingdom, where the botnet maintained parts of its infrastructure.

A botnet is a swarm of devices that threat actors can remotely control to perform various behavior, including DDoS attacks, crypto mining, and deploying additional malware.

In the case of RSocks, the botnet was used to convert residential computers into proxy servers, allowing the botnet's customers to use them for malicious activity or to appear as coming from a residential IP address.

Typical use-case scenarios for these services include phishing operations, credential stuffing, account takeover attempts, etc. In addition, using a proxy service makes it harder for threat actors to be tracked by law enforcement, especially when those IP addresses belong to people unaware their devices were hijacked.

RSocks was also promoted for use by shopping bots, such as sneaker bots, that benefit from using residential IP addresses, which are usually not banned from online retailers.
Click to expand...
 
  • Like
  • Applause
Reactions: upnorth, plat, Fel Grossi and 1 other person
P

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Some more info on the administrators behind RSOCKS. Awesome work, FBI & Interpol! (y)


The user “RSOCKS” on the Russian crime forum Verified changed his name to RSOCKS from a previous handle: “Stanx,” whose very first sales thread on Verified in 2016 quickly ran afoul of the forum’s rules and prompted a public chastisement by the forum’s administrator.

Verified was hacked twice in the past few years, and each time the private messages of all users on the forum were leaked. Those messages show that after being warned of his forum infraction, Stanx sent a private message to the Verified administrator detailing his cybercriminal bona fides.

“I am the owner of the RUSdot forum (former Spamdot),” Stanx wrote in Sept. 2016. “In spam topics, people know me as a reliable person.”
Click to expand...
 
  • +Reputation
Reactions: upnorth
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
Mozi malware botnet goes dark after mysterious use of kill-switch
Replies
1
Views
839
News Archive
ForgottenSeer 97327
F
[correlate]
    • Like
    • Wow
AVrecon malware infects 70,000 Linux routers to build botnet
Replies
0
Views
1,368
News Archive
[correlate]
[correlate]
Victor M
    • Like
    • Wow
Security News NSA found Massive BotNet of routers, firewalls, NAS and IoT operated by PRC
Replies
2
Views
1,621
Security News
Victor M
Victor M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top