Threats Tagged 'socks5'
View all threats tagged with 'socks5'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'socks5'
Click on any threat for detailed analysis and mitigation recommendations
A new Android RAT turning infected devices into potential residential proxy nodes 0 Mirax is a newly identified Android Remote Access Trojan operating as Malware-as-a-Service, actively targeting European users, particularly in Spanish-speaking regions. Distributed through Meta advertisements and GitHub-hosted droppers, the malware has reached over 200,000 accounts. It employs sophisticated techniques including dynamically fetched HTML overlays, comprehensive keylogging, and remote device control capabilities. A distinctive feature is its integration of SOCKS5-based residential proxy functionality, transforming infected devices into proxy nodes that enable attackers to route traffic through legitimate residential IP addresses. This capability allows operators to bypass geolocation restrictions and evade fraud detection systems while conducting account takeovers and transaction fraud. The malware uses commercial-grade obfuscation through Golden Encryption and establishes persistence through Accessibility Service abuse. Join the discussion | AlienVault OTX General | 04/13/2026, 14:27:43 UTC Added: 04/13/2026, 14:46:51 UTC |
Phantom Footprints: Tracking GhostSocks Malware -1 GhostSocks is an emerging threat that turns compromised devices into residential proxy nodes, enabling attackers to evade detection. Originally marketed on Russian underground forums as Malware-as-a-Service, it has gained popularity due to its partnership with Lumma Stealer. Written in GoLang, GhostSocks uses SOCKS5 proxy protocol and TLS encryption to blend malicious traffic into normal network activity. It also incorporates backdoor functionality for running arbitrary commands and deploying additional payloads. Darktrace observed an increase in GhostSocks activity, detecting it alongside Lumma Stealer in customer networks. The malware's versatility in converting devices into proxy nodes while enabling covert network access illustrates how threat actors maximize the value of compromised infrastructure. Join the discussion | AlienVault OTX General | 03/31/2026, 16:14:29 UTC Added: 03/31/2026, 18:53:15 UTC |
GhostSocks: From Initial Access to Residential Proxy 0 GhostSocks is a Malware-as-a-Service (MAAS) that converts compromised devices into residential proxies, enabling threat actors to bypass anti-fraud mechanisms. Introduced in October 2023, it gained popularity after partnering with LummaStealer in February 2024. The malware, coded in Golang, uses obfuscation techniques and can be built as a 32-bit DLL or executable. It doesn't implement persistence mechanisms but focuses on SOCKS5 functionality. GhostSocks uses a configuration file or hardcoded config to connect to C2 servers, randomly generates credentials, and establishes a SOCKS5 connection using open-source libraries. Despite law enforcement actions against related platforms, GhostSocks continues to operate, posing ongoing risks of double victimization and long-term network access for cybercriminals. Join the discussion | AlienVault OTX General | 10/01/2025, 07:39:51 UTC Added: 10/01/2025, 08:49:39 UTC |
Showing 1 to 3 of 3 results