New malware could be selling off your internet bandwidth

New research by Cisco’s Talos intelligence group, has found that threat actors have begun abusing internet-sharing apps, commonly referred to as proxyware

Proxyware platforms are increasingly targeted in cybercrime operations aimed at distributing malware or at monetising the internet bandwidth of victims, according to Cisco’s Talos research and intelligence unit.

The popularity of these platforms has increased rapidly over the past several years, with hundreds of thousands of users already joining them. Legitimate users, however, aren’t the only ones to show increasing interest in proxyware platforms. 


What is Proxyware? 


Proxyware, also known as internet-sharing applications, are legitimate services that allow users to portion out part of their internet connection for other devices, and may also include firewalls and antivirus programs. 

Other apps will allow users to 'host' a hotspot internet connection, providing them with cash every time a user connects to it. 

It is this format, provided by legitimate services including Honeygain, PacketStream, and Nanowire, which is being used to generate passive income on behalf of cyberattackers and malware developers. 


How are malicious actors using these platforms? 


According to the researchers, proxyware is being abused in the same way as legitimate cryptocurrency mining software: quietly installed, either as a side component or as a main payload, and with efforts taken to try and stop a victim from noticing its presence, such as through resource use control and obfuscation. 

In cases documented by Cisco Talos, proxyware is included in multi-stage attacks. An attack chain begins with a legitimate software program bundled together with a Trojanised installer containing malicious code. When the software is installed, the malware is also executed. One campaign has utilised a legitimate, signed Honeygain package which was patched to also drop separate, malicious files containing an XMRig cryptocurrency miner and to redirect the victim to a landing page connected to Honeygain referral codes. 

Once the victim signs up for an account, this referral earns revenue for an attacker, all the while a cryptocurrency miner is also stealing computer resources. 

This isn't the only method used to generate cash, in a separate campaign, a malware family was identified that tries to install Honeygain on a victim's PC and registers the software under an attacker's account, and so any earnings are sent to the fraudster. 

"While Honeygain limits the number of devices operating under a single account, there is nothing to stop an attacker from registering multiple Honeygain accounts to scale their operation based on the number of infected systems under their control," the researchers say. 




Featured Articles

ICYMI: Energy crisis IT threat and rich are drawn to digital

A week is a long time in tech, so here are some of Technology Magazine’s most popular articles which have been starting conversations around the world

Cyber increasingly a growth enabler, Deloitte study shows

Deloitte's 2023 Global Future of Cyber survey highlights the imperative for organisations to move cybersecurity from threat assessment to growth enabler

Trillions of dollars created by growing US wireless industry

In 2020 alone, the US wireless industry created US$1.3 trillion in gross output, $825 billion in GDP, and over four million jobs for the national economy

Energy crisis posing threat to IT companies' sustainability

Enterprise IT

Data backup gives way to data protection and cybersecurity

Cloud & Cybersecurity

Rich investors drawn to digital assets despite crypto crash

Digital Transformation