Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices

A threat actor is monetizing vulnerable Internet-of-Things (IoT) devices by infecting them with malware and listing them as residential proxies within minutes after exploitation, Trend Micro reports.

Tracked as Water Barghest, the adversary has compromised over 20,000 IoT devices to date, renting them to threat actors looking to anonymize their activities.

Active for at least five years, Water Barghest has remained under the radar by extensively relying on automation, erasing log files to cover its tracks, and only accepting cryptocurrency payments.

The threat actor acquires IoT device vulnerabilities (including zero-days), uses publicly available online scanners to identify vulnerable devices, and then attempts to exploit them from a set of data center IP addresses. Compromised devices are quickly monetized on specialized marketplaces.

See more
Security Week:
https://www.securityweek.com/threat-actor-turns-thousands-of-iot-devices-into-residential-proxies/

The Hackers News: https://thehackernews.com/2024/11/ngioweb-botnet-fuels-nsocks-residential.html

#cybersecurity #malware #ngioweb