- Apr 24, 2016
The U.S. Department of Justice has announced the disruption of the Russian RSocks malware botnet used to hijack millions of computers, Android smartphones, and IoT (Internet of Things) devices worldwide for use as proxy servers.
The law enforcement operation involved the FBI and police forces in Germany, the Netherlands, and the United Kingdom, where the botnet maintained parts of its infrastructure.
A botnet is a swarm of devices that threat actors can remotely control to perform various behavior, including DDoS attacks, crypto mining, and deploying additional malware.
In the case of RSocks, the botnet was used to convert residential computers into proxy servers, allowing the botnet's customers to use them for malicious activity or to appear as coming from a residential IP address.
Typical use-case scenarios for these services include phishing operations, credential stuffing, account takeover attempts, etc. In addition, using a proxy service makes it harder for threat actors to be tracked by law enforcement, especially when those IP addresses belong to people unaware their devices were hijacked.
RSocks was also promoted for use by shopping bots, such as sneaker bots, that benefit from using residential IP addresses, which are usually not banned from online retailers.