The Cisco Talos research team noted the increased interest of cybercriminals in legitimate “proxyware” software that allows users to share part of their Internet connection with other devices. In fact, cybercriminals use proxyware on the same principle as legitimate cryptocurrency mining software.
To make a profit, it is enough to secretly install such an application on the victim's system. In particular, Cisco Talos specialists observed the use of proxyware in multi-stage attacks, which began with a bundle of a harmless program with an installer containing malicious code. When the user installed the software, the Trojan was automatically installed as well. One of the campaigns, for example, involved a signed package from Honeygain, a well-known proxyware service.
Cybercriminals have supplied it with malicious files that turn off the cryptocurrency miner XMRig. Then the user was redirected to a page with Honeygain referral codes. As soon as the victim created an account, the referral system brought profits to the attacker. Additionally, the miner used computer resources to mine digital currency. In another campaign, the attackers tried to install Honeygain on a user's system and then register the software under an account belonging to the attackers.
In other words, the user's bandwidth is simply sold and the perpetrator makes a profit.
To make a profit, it is enough to secretly install such an application on the victim's system. In particular, Cisco Talos specialists observed the use of proxyware in multi-stage attacks, which began with a bundle of a harmless program with an installer containing malicious code. When the user installed the software, the Trojan was automatically installed as well. One of the campaigns, for example, involved a signed package from Honeygain, a well-known proxyware service.
Cybercriminals have supplied it with malicious files that turn off the cryptocurrency miner XMRig. Then the user was redirected to a page with Honeygain referral codes. As soon as the victim created an account, the referral system brought profits to the attacker. Additionally, the miner used computer resources to mine digital currency. In another campaign, the attackers tried to install Honeygain on a user's system and then register the software under an account belonging to the attackers.
In other words, the user's bandwidth is simply sold and the perpetrator makes a profit.
