\n<\/p>\n
A global coalition of law enforcement agencies shut down a botnet made of tens of thousands of hacked home and small business routers on Wednesday.<\/p>\n
The operation targeted SocksEscort, which offered paid proxy services<\/a> and was built on a botnet of hacked routers used to commit various crimes, such as hacking into victims\u2019 bank and cryptocurrency accounts and filing fraudulent unemployment insurance claims, according to an announcement<\/a> published on Thursday by the Department of Justice (DOJ). The DOJ said the crimes facilitated by SocksEscort cost Americans millions of dollars.\u00a0\u00a0<\/p>\n Europol said in its announcement<\/a> of the operation that the SocksEscort botnet allegedly compromised more than 369,000 routers and Internet of Things devices in 163 countries and that the infected routers \u201chave been disconnected from the service.\u201d The law enforcement agency said SocksEscort was used to facilitate ransomware, distributed denial of service (DDoS<\/a>) attacks, and the distribution of child sexual abuse material (CSAM).<\/p>\n \u201cCustomers of the criminal service paid for licenses to abuse these infected devices, hiding their original IP addresses to engage in various criminal activities,\u201d said Europol. \u201cUpon infection with the malware, the modems\u2019 owners would not be aware that their IP addresses were used for illegitimate activities.\u201d<\/p>\n The content of the SocksEscort official website was replaced by a notice<\/a> announcing the seizure, as part of the law enforcement operation.\u00a0<\/p>\n The botnet was composed of around 280,000 routers since last January and was powered by malware called AVRecon, according to cybersecurity firm Black Lotus Labs<\/a>, which tracked SocksEscort and worked with law enforcement in the takedown operation.<\/p>\n \u201cThis botnet posed a significant threat, as it was marketed exclusively to criminals,\u201d the company wrote in its post about the takedown. \u201cNotably, over half of its victims were located in the United States or the United Kingdom, enabling attackers to conduct highly targeted operations.\u201d<\/p>\n In 2023, Black Lotus Labs called<\/a> SocksEscort \u201cone of the largest botnets targeting small-office\/home-office (SOHO) routers seen in recent history.\u201d\u00a0<\/p>\n At the time, cybersecurity journalist Brian Krebs reported<\/a> that SocksEscort was born in 2009 as a Russian-language service selling access to thousands of hacked computers.<\/p>\n<\/div>\n