Services that allow consumers to resell their own internet bandwidth for profit to businesses that want to resell it are ripe for abuse, according to researchers.

The burgeoning business model is growing in popularity with consumers who earn about $1 for every 10GB of their bandwidth shared with services that include Honeygain, Nanowire, IPRoyal Pawns, Peer2Profit and PacketStream.

“These relatively new platforms were built with a legitimate purpose, but attackers quickly found ways to abuse them,” according to a report by Cisco Talos posted Tuesday.

Services are delivered as desktop and mobile applications. Apps fall into a category called proxyware, because they turn the device running the software into a type of proxy server.

Proxyware services are attractive to businesses that use them for internet-related traffic research, such as search engine optimization. The ability to access residential and geographically diverse IP addresses can be extremely helpful. Uses also include testing potential online advertising campaigns or circumventing commercial network restrictions.

For consumers, Cisco points out, proxyware services are “advertised as a means to circumvent geolocation checks on streaming or gaming platforms,” while at the same time allowing consumers to generate income for the use of their bandwidth.

Why Are Proxyware Services Potentially Dangerous?

Researchers found that abuse of the services – by consumers and adversaries – presents a myriad of risks, including:

- Malicious or trojan-ized versions of bandwidth-sharing applications distributed by adversaries.
- Corporate networks exposed to malicious versions of proxyware.
- Employee abuse of company networks running the app or multiple versions of the service.
- Businesses using proxyshare platforms potentially exposing unencrypted internet traffic to malicious hosts.
- Consumers accruing bandwidth overage fees when running the app on a mobile device.

Growing Proxyware Trend Presents Cybersecurity Challenges

“As proxyware has grown in popularity, attackers have taken notice and are now attempting to exploit this interest to monetize their malware campaigns,” according to the report’s co-authors: Edmund Brumaghin, threat researcher, and Vitor Ventura, outreach researcher, both with Cisco Talos.

Researchers say adversaries are currently using proxyware services to run malware campaigns and monetize the internet bandwidth of victims. They compare the trend with how adversaries surreptitiously installed cryptocurrency mining software on victims’ computers in an attempt to monetize CPU cycles.

“These applications pose significant privacy and operational risks to organizations as they may allow nefarious or abusive network traffic to appear as if it originates from their corporate networks resulting in reputational damages that may also lead to service disruption,” researchers wrote.

With regard to this report, Threatpost is waiting for Honeygain and Nanowire, two leading services in this space, to reply to requests for comment.

Pinpointing how many consumers are using these types of services is difficult. To gauge interest and the user base of Honeygain, market leader of the niche, Cisco examined subscriber growth of the Honeygain subreddit on Reddit from zero in 2019 to close to 8,000 as of July 2021. According to Cisco’s investigation, Honeygain boasted a quarter million users, based on Honeygain’s reported responses to a survey of its customers.

Estimating how many legitimate companies use proxyware services is equally hard.

“Investigating DNS activity associated with the API used by the Honeygain client, we identified a large number of queries being performed. This is another indicator that clearly demonstrates the popularity of this platform across the internet,” researchers wrote.

Active Abuse: Proxyware Services Under Attack

Cisco found a number of existing malware campaigns were distributing trojan-ized versions of the proxyware applications.

“Threat actors are distributing the proxyware applications to monetize victims’ network bandwidth for the purposes of generating revenue,” researchers reported.

In other instances documented by Cisco, “threat actors are distributing malicious executables that pose as installers for legitimate proxyware applications like Honeygain. When executed, they will typically install the legitimate application, while also silently installing malware.”

As expected, adversaries adopt a number of different techniques, similar to those of malicious crypto-miners, both for running the application silently and maintaining process persistence.