Recent reports have identified a new trend where cybercriminals target internet bandwidth connections to gain illegal income. This new method involves the overusing of proxyware, which has been acquiring the interest of the cybercrime industry.
The Internet Bandwidth trade
Honeygain and Nanowire, both internet-sharing via proxyware platforms, have recently been targeted by cybercriminals in an attempt to acquire extra profit. The mentioned targeted platforms are mainly used by clients to share a tiny amount of internet bandwidth connectivity, which is being paid in a small number of fees.
In addition, the threat actors have also been investigated to install info-stealer software and digital currency miners to earn more profit. A malware family is distributing a fixed version of the Honeygain client, XMRig miner, and info-stealer, as stated by researchers. Shortly, Nanowire clients were detected to be delivered as well.
Honeygain is a platform that offers only a limited number of devices in one account. Nonetheless, threat actors can sign up several accounts in an attempt to intensify their threat abilities.
The operational process
The opportunities that are available in selling extra bandwidth connections can be profitable to a lot of clients and as well as to threat actors.
Initially, the threat actors deviously install an infected code through an authentic proxyware client software such as Honeygain and Nanowire towards the device of their target victim. Once the malware family gets into the device, it will attempt to install the proxyware platform into the victim’s computer.
Next, it will register the installed proxyware platform under an attacker’s self-created account so they will acquire the referral bonus that’s bundled to it. And lastly, once the account is activated, the proxyware client will begin to sell the victim’s bandwidth without them knowing.
There are times that threat actors can patch the client against any occurrence of alerts or warnings that can notify the oblivious victim.
A new category of threats could be made from the concept that proxyware platform services can bring to the hacking landscape. It is capable of allowing attackers to utilize any unused bandwidth capacity of the victims without their knowledge. Also, it opens more opportunities for hackers to prey on willing users of the proxyware platforms in sharing their resources without provoking any operational issues.