Threats Tagged 'proxy service'

View all threats tagged with 'proxy service'. Filter and sort to focus on specific types of threats.

KadNap Malware Turning Asus Routers Into Botnets

A sophisticated new malware called KadNap has been discovered targeting Asus routers and conscripting them into a botnet for proxying malicious traffic. The malware employs a custom version of the Kademlia Distributed Hash Table protocol to conceal its command-and-control infrastructure within a peer-to-peer system, evading traditional network monitoring. The botnet, which has grown to over 14,000 infected devices, is marketed by a proxy service called Doppelganger, tailored for criminal activity. More than 60% of KadNap's victims are based in the United States. The malware demonstrates versatility by targeting various edge networking devices and employing different C2 servers for different victim types.

IPCola: A Tangled Mess

IPCola is a proxy service leveraging millions of IP addresses sourced from IoT, desktop, and mobile devices. It is linked to Gaganode, a decentralized bandwidth monetization platform with botnet-like features and an SDK capable of remote code execution. The service is distributed via various applications, including Chinese TV boxes and free software, creating a complex proxy network involving InstaIP and NuoChen Technology. This infrastructure enables attackers to harness a large pool of unique IPs for proxying traffic, potentially masking malicious activities. Although no known exploits are currently active, the remote code execution capability poses significant risks. The threat is medium severity due to the potential for widespread abuse and the difficulty in detecting such proxy networks. European organizations could be impacted by abuse of these IPs for anonymizing attacks or evading detection. Mitigation requires enhanced network monitoring, blocking suspicious IP ranges, and scrutinizing applications that may embed the Gaganode SDK. Countries with high IoT adoption and significant use of Chinese-origin devices, such as Germany, France, and the UK, are more likely to be affected.
