Malware, Security Operations, Threat Intelligence, IoT

International operation dismantles SocksEscort botnet used for large-scale fraud

As detailed in The Hacker News, an international law enforcement operation has successfully dismantled SocksEscort, a criminal proxy service that compromised thousands of residential routers globally to facilitate extensive fraud schemes.

SocksEscort utilized malware, identified as AVrecon, to infect home and small business routers, including devices from brands like Cisco, D-Link, and Netgear. This malware allowed the service to reroute internet traffic through these compromised devices, which SocksEscort then sold access to. The service offered access to hundreds of thousands of IP addresses across 163 countries, charging customers as much as $200 per month for access to 5,000 proxies.

This infrastructure was used to conceal the true IP addresses of criminals, enabling them to conduct fraudulent activities, including a $1 million cryptocurrency theft from a New York resident, a $700,000 fraud against a Pennsylvania manufacturing business, and $100,000 in fraud targeting U.S. service members. The coordinated takedown, involving authorities from eight countries and Europol, resulted in the seizure of 34 domains and 23 servers, with $3.5 million in cryptocurrency frozen.

Source: The Hacker News

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds