Attackers are now targeting internet-sharing proxyware platforms such as Honeygain and Nanowire to make illegal bucks. These platforms allow users to share a small percentage of their internet bandwidth in exchange for nominal charges.
Attackers were also observed installing digital currency miners and info-stealers to earn additional revenue. Researchers have spotted a malware family dropping a patched version of the Honeygain client, an info-stealer, and the XMRig miner, which in turn deliver Nanowire clients. Attackers can always register numerous accounts to increase their operational capabilities.
The business model of commercializing extra bandwidth is very lucrative to users, and at the same time it is gaining traction among attackers as well. The attacker quietly installs malicious code bundled with genuine proxyware client software on the victim’s devices.
The malware family then attempts to install the proxyware on the victim’s PC. It registers the software under an account created by attackers to provide a referral bonus to the attackers. Once activated, the proxyware client starts selling the victim’s bandwidth without their awareness. In some cases, hackers even patch the client to block any warning that could alert the victim.
The concept of proxyware services may be the beginning of a new category of threats, similar to cryptojacking. The threat allows attackers to harness the additional unused capacity without leaving any clues for the victims. Attackers can easily prey on genuine users who are willing to use proxyware services to share their resources, without raising any concerns about performance issues.