Cyber security researchers from BitSight have discovered a proxy botnet made up of more than 10,000 infected machines. The bandwidth of these devices is sold to third parties on the Dark Web in exchange for cryptocurrencies.
As reported by BleepingComputer, the proxy botnet is called Socks5Systemz. The unidentified attackers used two separate loaders, PrivateLoader and Ready, to infect endpoints and enrol them in the network. Loaders of this kind are usually distributed through phishing, exploits, malvertising or counterfeit software.
The research does not give any figures for the earnings of the operators behind this service, but it is known that it has been active since 2016.
The Soccer5Systemz network involves countries all over the world
BitSight researchers identified a substantial control infrastructure of 53 proxy, backconnect, DNS and address-acquisition servers, located throughout Europe (above all in France, the Netherlands, Sweden and Bulgaria).
As for victims, Socks5Systemz does not appear to target any particular geographic area: cases have been recorded in India, the United States, Brazil, Colombia, South Africa, Argentina and Nigeria.
Proxy botnets are nothing new in cybercrime. Last summer, AT&T Alien Labs reported that it had detected malware distributed through counterfeit video game software and other pirated apps, targeting Windows users and turning their devices into botnet endpoints.
The malware silently downloaded and installed a malicious proxy application, which antivirus programs did not flag as malicious. More than 400,000 Windows systems around the world are estimated to have been infected this way.
There is also no shortage of cases in which less than honest services, by way of confusing documentation, obtain users' own consent to become part of an infrastructure of this type.