After tracking it for several years, the US DOJ has successfully seized the Russian RSocks malware botnet this week. This botnet was stated to have hijacked millions of devices around the world for its malicious operations.
The US DOJ has done it with the help of the FBI, who operated this mission jointly with the police forces of a few other European nations where RSocks maintained its infrastructure. Though the DOJ has successfully seized the domain, no arrests of the operators were announced.
RSocks Exploiting Its Customers
Proxy services exploiting their customers in the name of providing free VPN service isn’t new, and RSocks is one of the major players in that industry. But, the US DOJ has today announced that it successfully captured and seized the RSocks infrastructure after studying it for more than five years.
Proxy networks are typical VPN-like services that mask users’ IP addresses with another one that’s picked from the existing pool of IP addresses. And this pool is a gathering of all its customers, who offer their devices as a node to get the free proxy service.
But, malicious proxy services exploit this access by hijacking their customer’s devices, installing malware, and adding them to their botnet – which in turn is used for malicious activities like phishing attacks, credential stuffing, account takeover attempts, etc.
RSocks, in its case, has supposedly hijacked millions of computers, Android smartphones, and IoT devices worldwide to use them as its proxy servers and perform malicious activities. Thus, to stop that, the US DOJ has been observing the RSocks since 2017 to capture them.
Since then, the DOJ used to purchase the RSocks proxy pools ranging from $30 per day for 2,000 proxies to $200 per day for 90,000 proxies and started mapping its infrastructure to find the culprits. At last, the FBI, in a joint operation with the police forces in Germany, the Netherlands, and the United Kingdom, has succeeded in taking down the botnet.
With the help of a few RSocks customers, the FBI replaced their RSocks installed systems with that of government-controlled computers (as honeypots) to find how they were being hijacked. Once they learned, they successfully took down the network this week. Although, no arrests have been announced at this time.