Connect with us

Cybercriminals make money from their victims by selling internet connections

Published

on

Hackers use legitimate services that allow users to share part of their Internet connection for other devices.

Cybercriminals have recently begun using their victims’ internet connections to secretly generate illegal income after being infected with malware. According to researchers from Cisco Talos, proxyware is becoming more common in cybercrime.

Proxyware are legitimate services that allow users to share part of their Internet connection for other devices. These programs can also include firewalls and anti-virus solutions. The applications will allow you to “host” your Internet connection through an access point, generating income every time a user connects. It is this format, provided by legitimate services such as Honeygain, PacketStream, and Nanowire, that cybercriminals and malware developers use to generate passive income.

According to experts, proxyware is used for malicious purposes in the same way as legitimate cryptocurrency mining software. Hackers try to unnoticeably install software on the victim’s device and hide its presence.

Proxyware has been used in multi-stage attacks. The chain of attacks begins with the installation of legitimate software associated with a Trojan installer containing malicious code. When the software is installed, the malware is launched. One campaign used a legitimate signed Honeygain package that was modified to download separate malicious files containing the XMRig cryptocurrency miner and to redirect the victim to a landing page associated with Honeygain referral codes. After the victim registers an account, the referral generates income for the attacker. All this time, the cryptocurrency miner is also stealing computer resources.

However, this is not the only method of obtaining funds. As part of a separate campaign, a family of malware was identified that tries to install Honeygain on the victim’s computer and registers the software under the attacker’s account, so all proceeds are sent to the fraudster.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisement

Latest News

Advertisement