A new malicious trend threatening networks and people
Threat actors use whatever tools are available to them to achieve their goals. Often that isn't only malware or a phishing email campaign. In fact, legitimate apps, software, and programs frequently provide the perfect foundation for a malware attack: attackers exploit an app and take advantage of its services to siphon resources for their own operations.
The resources in question vary, though the goal is typically financial gain. Now, it appears threat actors are eyeing proxyware for exploitation.
What is proxyware?
Proxyware is a legitimate category of apps and software whose purpose is to share a device's bandwidth with other devices. It can even share that bandwidth with applications such as antivirus and firewall programs.
Where bandwidth is essential, it can be a valuable resource for both personal and professional use. However, because of its connectivity potential, hackers are keen to take advantage of it too.
Hackers taking advantage of proxy services
Currently, one goal of hackers is to generate revenue from compromised proxyware. In earlier schemes, hackers would target a compromised system to install "miners." This add-on would use the system to "mine" cryptocurrency, often consuming much of the infected system's processing power.
In similar fashion, hackers want to take advantage of bandwidth-sharing capabilities to install malware and/or cryptominers. Hijacking of shared connections is likely to occur without the knowledge of managers, usually in business environments. For example, under lax security policies, employees may hand out login credentials without the knowledge or consent of management, leading to unwanted and unverified connections.
But it's not only potentially rogue staff creating proxyware issues. Malware accompanying a proxyware service and/or app is also a common problem, similar to bloatware. Companies that don't scrutinize the software packages they bring onto their network risk having that malware installed.
Additionally, beyond cryptomining, silent installation of a malicious proxy service allows the attacker to distribute and "sell" the victim's bandwidth to the attacker's "clients."
Defending against proxyware
Proxyware and bandwidth-sharing apps are a new but growing type of service. Like all new concepts, it has a way to go before it is thoroughly tested and secure. With new variations appearing frequently, defence comes down to thorough testing and scrutiny of any prospective software and/or service. Proxyware is difficult to detect at a basic level, though, because tracking the DNS activity of proxyware use is hit-and-miss.
If and when downloading a proxyware service and/or app, security teams need to keep an eye out for unwanted software and bloatware bundles, which are likely to inject malware into the system.
For now, it's best to allow proxyware only in controlled parts of a network, or to reduce use of the service altogether. Otherwise, careful attention and scrutiny are needed to ensure connections are secure.
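As an added example that is not part of the original article, the script below shows one practical way to combine the two recommendations above: look for the DNS signal proxyware tends to leave (repeated lookups of the same unfamiliar names from one host) and then check whether that host sits in the network segment where bandwidth sharing is permitted. The log lines, the baseline domain list, the `.test` names and the permitted subnet are all constructed for illustration; the thresholds are assumptions to be tuned per environment.

```python
import ipaddress
from collections import defaultdict

# Constructed sample DNS query log: "timestamp client_ip queried_name".
# Names use the reserved .test TLD; none of them come from the article.
SAMPLE_DNS_LOG = """\
2024-01-10T09:00:01 10.50.0.12 update.example-share.test
2024-01-10T09:00:31 10.50.0.12 update.example-share.test
2024-01-10T09:01:01 10.50.0.12 update.example-share.test
2024-01-10T09:01:31 10.50.0.12 update.example-share.test
2024-01-10T09:00:05 10.20.0.7 node-relay.example-share.test
2024-01-10T09:00:35 10.20.0.7 node-relay.example-share.test
2024-01-10T09:01:05 10.20.0.7 node-relay.example-share.test
2024-01-10T09:00:10 10.20.0.9 www.corp-intranet.test
2024-01-10T09:05:10 10.20.0.9 www.corp-intranet.test
2024-01-10T09:02:00 10.20.0.9 cdn.vendor.test
"""

# Assumption: the only segment where bandwidth-sharing software is allowed.
ALLOWED_PROXYWARE_SUBNET = ipaddress.ip_network("10.50.0.0/24")

# Assumption: domains (and their subdomains) already reviewed as expected traffic.
BASELINE_DOMAINS = {"corp-intranet.test", "cdn.vendor.test"}

# Assumption: this many lookups of one unknown name from one host is worth a look.
REPEAT_THRESHOLD = 3


def parse_dns_log(text):
    """Parse 'timestamp ip name' lines into (timestamp, ip, name); skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, ip, name = parts
        try:
            records.append((ts, ipaddress.ip_address(ip), name.lower().rstrip(".")))
        except ValueError:  # not a valid IP address
            continue
    return records


def is_baselined(name, baseline):
    """True if the name is a baseline domain or a subdomain of one."""
    return any(name == b or name.endswith("." + b) for b in baseline)


def find_repeated_unknown_queries(records, baseline=BASELINE_DOMAINS,
                                  threshold=REPEAT_THRESHOLD):
    """Map host -> {unknown name: count} for names looked up at least `threshold` times."""
    counts = defaultdict(lambda: defaultdict(int))
    for _, ip, name in records:
        if not is_baselined(name, baseline):
            counts[ip][name] += 1
    return {
        str(ip): {n: c for n, c in names.items() if c >= threshold}
        for ip, names in counts.items()
        if any(c >= threshold for c in names.values())
    }


def policy_violations(suspects, allowed_subnet=ALLOWED_PROXYWARE_SUBNET):
    """Suspect hosts that lie outside the segment where proxyware is permitted."""
    return sorted(ip for ip in suspects
                  if ipaddress.ip_address(ip) not in allowed_subnet)


if __name__ == "__main__":
    recs = parse_dns_log(SAMPLE_DNS_LOG)
    suspects = find_repeated_unknown_queries(recs)
    for host, names in suspects.items():
        print(f"{host}: repeated lookups of unknown names {names}")
    print("suspects outside the permitted segment:", policy_violations(suspects))
```

On the sample data, 10.50.0.12 is flagged but sits in the permitted segment, so it becomes a review item rather than a policy breach; 10.20.0.7 shows the same pattern from an ordinary client subnet and is the host to investigate first. Because DNS alone is an unreliable indicator, as the article notes, treat this as a triage filter feeding asset inventory and software-bundle review, not as a verdict.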