Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices

Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks. The bot network, per the Dutch Politie and the National Cyber Security Center NCSC, consisted of at lea...

Static Attribution of Android Residential Proxy Malware Using Graph Kernels

Android residential proxy applications represent a growing class of potentially-unwanted programs PUPs that covertly route third-party traffic through end-user devices, enabling ad fraud, credential abuse, and evasion of geolocation controls by sophisticated threat actors. Attributing an unknown...

Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System CMS to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware. The...

PT-2025-17927

Name of the Vulnerable Software and Affected Versions Craft CMS versions prior to 3.9.15 Craft CMS versions prior to 4.14.15 Craft CMS versions prior to 5.6.17 Description Craft CMS is vulnerable to remote code execution. This is a high-impact, low-complexity issue actively exploited by the Mimo...

Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. "Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions," Cado Security researchers Tara Gould and Nate...

CAPTCHA-Breaking Services with Human Solvers Helping Cybercriminals Defeat Security

Cybersecurity researchers are warning about CAPTCHA-breaking services that are being offered for sale to bypass systems designed to distinguish legitimate users from bot traffic. "Because cybercriminals are keen on breaking CAPTCHAs accurately, several services that are primarily geared toward th...

CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware

Poorly managed Microsoft SQL MS SQL servers are the target of a new campaign that's designed to propagate a category of malware called CLR SqlShell that ultimately facilitates the deployment of cryptocurrency miners and ransomware. "Similar to web shell, which can be installed on web servers,...

Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk

In this investigation, we analyzed several prominent "passive income" applications and found out that there may be security risks upon participating in these programs...

[Security Nation] Craig Williams of Cisco Talos on Proxyware

!\Security Nation\ Craig Williams of Cisco Talos on Proxywarehttps://blog.rapid7.com/content/images/2021/09/securitynationlogo.jpg In this episode of Security Nation, Jen and Tod chat with Craig Williams, recently of Cisco Talos, about proxyware and integrating security acquisitions the right way...

Talos Takes Ep. #66: Dude, where's my bandwidth?

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. “Proxyware” sounds like a complicated topic that you’re too afraid to ask about. But really, it’s just software that... Th...

Threat Source newsletter (Sept. 2, 2021)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. If you haven't seen already, our blog has a lot of cool and new stuff this week. We first dove into the world of proxyware on Tuesday aka internet-sharing applications. Attackers are hiding in this newly popular... This is only the...

Attracting flies with Honey(gain): Adversarial abuse of proxyware

By Edmund Brumaghin and Vitor Ventura. With internet-sharing applications, or "proxyware," users download software that allows them to share a percentage of their bandwidth with other internet users for a fee, with the companies that created this software acting as a go-between.As proxyware has...

Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns

Threat actors are capitalizing on the growing popularity of proxyware platforms like Honeygain and Nanowire to monetize their own malware campaigns, once again illustrating how attackers are quick to repurpose and weaponize legitimate platforms to their advantage. "Malware is currently leveraging...

Proxyware Services Open Orgs to Abuse – Report

Services that allow consumers to resell their own internet bandwidth for profit to businesses that want to resell it are ripe for abuse, according to researchers. The burgeoning business model is growing in popularity with consumers who earn about $1 for every 10GB of their bandwidth shared with...