- Investigators linked the platform to AVrecon malware targeting some 1,200 device models—often older or unpatched gear—from vendors including Cisco, D‑Link, Hikvision, MikroTik, Netgear, TP‑Link, and Zyxel.
- The FBI warns that many small‑office/home‑office routers remain attractive targets, particularly end‑of‑life devices lacking security updates.
Authorities have dismantled SocksEscort, a massive cybercrime platform that quietly hijacked about 369,000 WiFi routers and internet‑connected devices to mask hackers’ activity behind residential IP addresses.
Marketed as a “residential proxy network,” SocksEscort sold “static residential IPs with unlimited bandwidth,” offering plans from $15 per month for 30 IPs to $200 for 5,000 proxies.
The US Department of Justice said law enforcement in eight countries collaborated to bring down the service, which exploited thousands of residential routers to facilitate large‑scale fraud. Authorities seized 34 domains and 23 servers in seven countries, and the US froze $3.5 million in cryptocurrency.
Europol said infected modems used by the proxy service have been disconnected.
Investigators linked the platform to AVrecon malware targeting some 1,200 device models—often older or unpatched gear—from vendors including Cisco, D‑Link, Hikvision, MikroTik, Netgear, TP‑Link, and Zyxel. Before the takedown, SocksEscort offered access to roughly 8,000 live routers, including about 2,500 in the US.
According to the DoJ, criminals used SocksEscort to conceal their locations while conducting account takeovers, filing fraudulent unemployment insurance claims, and perpetrating other financial scams.
Examples cited include a New York crypto customer defrauded of $1 million, a Pennsylvania manufacturer losing $700,000, and US service members with MILITARY STAR cards defrauded of $100,000. Authorities estimate SocksEscort took in more than €5 million ($5.72 million), relying on anonymous crypto payments.
Europol called proxy services a key enabler of global cybercrime, noting SocksEscort’s botnet also supported ransomware operations, DDoS attacks, distribution of child sexual abuse material, and other offenses.
In a flash advisory, the FBI warned that many small‑office/home‑office routers remain attractive targets, particularly end‑of‑life devices lacking security updates. The bureau urged users to update operating systems, firmware, and software; replace unsupported hardware; disable or restrict remote administration; and monitor logs and network traffic.
It also cautioned that free VPNs, “pay‑for‑bandwidth” apps, pirated software, and some low‑cost devices may surreptitiously enroll users into residential proxy networks. The FBI listed commonly abused models, including D‑Link DIR‑818LW/850L/860L; Hikvision IP cameras; Netgear DGN2200v4 and R7000; TP‑Link Archer C20, TL‑WR840N/849N/841N; and multiple Zyxel routers such as VMG3925‑B10A/B10C.
Despite the takedown, authorities warned that insecure routers remain at risk from other botnets, underscoring the need for basic security hygiene in home and small‑business networks.




