#BotNet
Posts tagged #BotNet on Bluesky

Big news in cybersecurity today. Europol and US agencies shut down the SocksEscort botnet used to route criminal traffic through everyday routers and IoT devices. 
catenaa.com/markets/cryptocurrencies...
#CyberSecurity #Botnet #Europol

2 0 0 0

📰 US and Europe Take Down SocksEscort Cybercrime Proxy Network

👉 Read the full article here: ahmandonk.com/2026/03/14/as-dan-eropa-...

#botnet #cyberSecurity #hacking #keamananSiber #linux #malware

0 0 0 0

Authorities dismantle SocksEscort botnet exploiting 369,000 IPs across 163 countries. A major win against cybercrime! #CyberSecurity #Botnet #SocksEscort #CyberCrime Link: thedailytechfeed.com/authorities-...

0 0 0 0
SocksEscort Cybercrime Proxy Network Taken Down in Operation Lightning, Tens of Servers and Domains Seized Operation Lightning dismantled the SocksEscort proxy network, halting millions in residential proxy fraud and securing vulnerable edge devices.

Read the full report:
www.technadu.com/socksescort-...

💬 What measures should organizations and consumers take to better secure routers and edge devices?
#Cybersecurity #Botnet #ProxyNetwork #Infosec #Cybercrime

1 0 0 0

The SocksEscort cybercrime proxy network has been dismantled in an international operation called Operation Lightning.
Authorities say compromised SOHO routers infected with the AVRecon botnet were used to route malicious traffic through residential IPs...
#Cybersecurity #Infosec #Botnet

0 0 1 0
New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network A newly discovered botnet malware called KadNap is targeting primarily ASUS routers and other edge networking devices to turn them into proxies for malicious traffic.

New #KadNap #botnet hijacks #ASUS routers to fuel #cybercrime #proxy network

www.bleepingcomputer.com/news/security/new-kadnap...

#cybersecurity

1 1 0 0
Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries A court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands of residential routers worldwide into a botnet for committing large-scale fraud. "SocksEscort infected home and small business internet routers with malware," the U.S. Department of Justice (DoJ) said. "The malware allowed SocksEscort to direct internet

iT4iNT SERVER Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries VDS VPS Cloud #CyberSecurity #Botnet #LawEnforcement #Malware #FraudPrevention

0 1 0 0
Criminals hijack thousands of devices to create never-before-seen cyber weapon Victims of the KadNap botnet are spread throughout the world

A new #Botnet #Malware named Kadnap is hijacking devices to build a massive network for #cyberattacks. Researchers warn the malware is spreading rapidly by exploiting specific vulnerabilities to gain remote control.
#CyberSecurity #TechNews

1 0 0 0
Feds Dismantle SocksEscort Proxy Network Used in Global Fraud European and US agencies dismantled the SocksEscort proxy network built on infected routers and used by cybercriminals in global fraud schemes.

Just In: Authorities have dismantled the #SocksEscort proxy network built on infected routers and used by cybercriminals in global fraud schemes.

Read: hackread.com/feds-dismant...

#CyberSecurity #Proxy #Malware #Botnet #CyberCrime

2 1 0 0
Original post on techcrunch.com

Law enforcement shuts down botnet made of tens of thousands of hacked routers An international law enforcement operation shut down a service called SocksEscort, which allegedly helped cybercriminal...

#Security #botnet #CSAM #cybercrime #cybersecurity #ddos […]


0 0 0 0
Original post on cyberscoop.com

Authorities takedown global proxy network SocksEscort The botnet, which compromised routers and IoT devices in 163 countries, claimed about 369,000 victims and $5.8 million from its cybercriminal c...

#Cybercrime #Cybersecurity #Government #Research #Threats […]


0 0 0 0
14,000 routers are infected by malware that's highly resistant to takedowns Most of the devices are made by Asus and are located in the US.

14,000 routers are infected by #malware that's highly resistant to takedowns | #security #netsec #Asus #botnet #technology #technews | arstechnica.com/security/202...

1 0 0 0
Botnet hijacks 14,000 routers worldwide - TechNieuwsVandaag.nl Researchers at security firm Black Lotus Labs have discovered a dangerous botnet. This botnet is called KadNap and has already taken over 14,000 routers. It mainly concerns ... Read more

Botnet hijacks 14,000 routers worldwide

Researchers at security firm Black Lotus Labs have discovered a dangerous botnet. This botnet is called KadNap and has already taken over 14,000 routers.

#botnet #KadNap #routers

0 0 0 0
KadNap Malware Compromises Over 14,000 Edge Devices to Operate Hidden Proxy Botnet

Cybersecurity researchers have identified a previously undocumented malware strain called KadNap that is primarily infecting Asus routers and other internet-facing networking devices. The attackers are using these compromised systems to form a botnet that routes malicious traffic through residential connections, effectively turning infected hardware into anonymous proxy nodes.

The threat was first observed in real-world attacks in August 2025. Since that time, the number of affected devices has grown to more than 14,000, according to investigators at Black Lotus Labs. A large share of infections, exceeding 60 percent, has been detected within the United States. Smaller groups of compromised devices have also been identified across Taiwan, Hong Kong, Russia, the United Kingdom, Australia, Brazil, France, Italy, and Spain.

Researchers report that the malware uses a modified version of the Kademlia Distributed Hash Table (DHT) protocol. This peer-to-peer networking technology enables the attackers to conceal the true location of their infrastructure by distributing communication across multiple nodes. By embedding command traffic inside decentralized peer-to-peer activity, the operators can evade traditional network monitoring systems that rely on detecting centralized servers.

Within this architecture, infected devices communicate with one another using the DHT network to discover and establish connections with command-and-control servers. This design improves the botnet’s resilience, as it reduces the chances that defenders can disable operations by shutting down a single control point.

Once a router or other edge device has been compromised, the system can be sold or rented through a proxy platform known as Doppelgänger. Investigators believe this service is a rebranded version of another proxy operation called Faceless, which previously had links to TheMoon router malware. According to information published on the Doppelgänger website, the service launched around May or June 2025 and advertises access to residential proxy connections in more than 50 countries, promoting what it claims is complete anonymity for users.

Although many of the observed infections involve Asus routers, researchers found that the malware operators are also capable of targeting a wider range of edge networking equipment.

The attack chain begins with the download of a shell script named aic.sh, retrieved from a command server located at 212.104.141[.]140. This script initiates the infection process by connecting the compromised device to the botnet’s peer-to-peer network. To ensure the malware remains active, the script establishes persistence by creating a cron task that downloads the same script again at the 55-minute mark of every hour. During this process, the file is renamed “.asusrouter” and executed automatically.

After persistence is secured, the script downloads an ELF executable, renames it “kad,” and runs it on the device. This program installs the KadNap malware itself. The malware is capable of operating on hardware that uses ARM and MIPS processor architectures, which are commonly found in routers and networking appliances.

KadNap also contacts a Network Time Protocol (NTP) server to retrieve the current system time and store it along with the device’s uptime. These values are combined to produce a hash that allows the malware to identify and connect with other peers within the decentralized network, enabling it to receive commands or download additional components.

Two additional files used during the infection process, fwr.sh and /tmp/.sose, contain instructions that close port 22, which is the default port used by Secure Shell (SSH). These files also extract lists of command server addresses in IP-address-and-port format, which the malware uses to establish communication with control infrastructure.

According to researchers, the use of the DHT protocol provides the botnet with durable communication channels that are difficult to shut down because its traffic blends with legitimate peer-to-peer network activity. Further examination revealed that not every infected device communicates with every command server. This suggests the attackers are segmenting their infrastructure, possibly grouping devices based on hardware type or model.

Investigators also noted that routers infected with KadNap may sometimes contain multiple malware infections simultaneously. Because of this overlap, it can be challenging to determine which threat actor is responsible for particular malicious activity originating from those systems.

Security experts recommend that individuals and organizations operating small-office or home-office (SOHO) routers take several precautions. These include installing firmware updates, restarting devices periodically, replacing default administrator credentials, restricting management access, and replacing routers that have reached end-of-life status and no longer receive security patches.

Researchers concluded that KadNap’s reliance on a peer-to-peer command structure distinguishes it from many other proxy-based botnets designed to provide anonymity services. The decentralized approach allows operators to remain hidden while making it significantly harder for defenders to detect and block the network.

In a separate report, security analysts at Cyble disclosed a new Linux malware threat named ClipXDaemon. The malware targets cryptocurrency users by intercepting wallet addresses that victims copy to their clipboard and secretly replacing them with addresses controlled by attackers. This type of threat is commonly known as clipper malware.

ClipXDaemon is distributed through a Linux post-exploitation framework called ShadowHS and has been described as an automated clipboard-hijacking tool designed specifically for systems running Linux X11 graphical environments. The malware operates entirely in memory, which reduces traces on disk and improves its ability to remain undetected. It also employs several stealth techniques, including disguising its process names and deliberately avoiding execution in Wayland sessions.

This design choice is intentional because Wayland’s security architecture introduces stricter restrictions on clipboard access. Applications must usually involve explicit user interaction before they can read clipboard contents. By disabling itself when Wayland is detected, the malware avoids triggering errors or suspicious behavior.

Once active in an X11 session, ClipXDaemon continuously checks the system clipboard every 200 milliseconds. If it detects a copied cryptocurrency wallet address, it immediately substitutes it with an attacker-controlled address before the victim pastes the information. The malware currently targets a wide range of digital currencies, including Bitcoin, Ethereum, Litecoin, Monero, Tron, Dogecoin, Ripple, and TON.

Researchers noted that ClipXDaemon differs significantly from traditional Linux malware families. It does not include command-and-control communication, does not send beaconing signals to remote servers, and does not rely on external instructions to operate. Instead, the malware generates profits directly by manipulating cryptocurrency transactions in real time, silently redirecting funds when victims paste compromised wallet addresses during transfers.

KadNap Malware Compromises Over 14,000 Edge Devices to Operate Hidden Proxy Botnet #Botnet #KadNap #Linux

0 0 0 0
Original post on social.mitexleo.one

"Researchers say they have uncovered a takedown-resistant botnet of 14,000 routers and other network devices—primarily made by Asus—that have been conscripted into a proxy network that anonymously carries traffic used for cybercrime."

Read More […]

0 0 0 0

KadNap malware infects over 14,000 edge devices, forming a stealth proxy botnet. Stay vigilant and secure your routers. #CyberSecurity #Malware #KadNap #Botnet Link: thedailytechfeed.com/kadnap-malwa...

0 0 0 0
Asus Routers Hijacked by KadNap Botnet for Malicious Proxies, Comprising Over 14,000 Devices The KadNap malware is creating a botnet from Asus routers, using a custom DHT protocol, Kademlia, to power a malicious proxy network.

Read the full report:
www.technadu.com/asus-routers...

💬 What steps do you take to secure your home or office routers? Share your thoughts below.
#Cybersecurity #Botnet #RouterSecurity #Malware #Infosec

0 0 0 0

KadNap malware is hijacking Asus routers and enrolling them into a decentralized botnet used for malicious proxy services.
Researchers say it uses a Kademlia DHT protocol to hide its C2 infrastructure and evade takedowns.

What’s your take on router security today?
#Cybersecurity #Botnet #Infosec

1 0 1 0

📰 New KadNap Botnet Hijacks ASUS Routers for Cybercrime Proxy Network

👉 Read the full article here: ahmandonk.com/2026/03/11/botnet-kadnap...

#asus #botnet #cyberSecurity #hacking #keamananSiber #malware #router

0 0 0 0

KadNap botnet attacks ASUS routers and creates a network of malicious proxies

#asus #botnet #rede

0 0 0 0
OpenAI BUSTS Russian BotNet Trolling Trump & Scamming!
OpenAI BUSTS Russian BotNet Trolling Trump & Scamming! YouTube video by Combat Veteran News

Combat Veteran News made a video about #OpenAI busting #Russian #BotNet trolling #Trump & scamming

As I keep saying: #AI is mostly useful for scammers and propagandists

youtu.be/rzRNBc7gkeo?...

#CombatVeteranNews

0 0 0 0
Botnet Moves to Blockchain, Evades Traditional Takedowns

A newly identified botnet loader is challenging long standing methods used to dismantle cybercrime infrastructure. Security researchers have uncovered a tool known as Aeternum C2 that stores its command instructions on the Polygon blockchain rather than on traditional servers or domains.

For years, investigators have disrupted major botnets by seizing command and control servers or suspending malicious domains. Operations targeting networks such as Emotet, TrickBot, and QakBot relied heavily on this approach.

Aeternum C2 appears designed to bypass that model entirely by embedding instructions inside smart contracts on Polygon, a public blockchain replicated across thousands of nodes worldwide.

According to researchers at Qrator Labs, the loader is written in native C++ and distributed in both 32 bit and 64 bit builds. Instead of connecting to a centralized server, infected systems retrieve commands by reading transactions recorded on the blockchain through public remote procedure call endpoints.

The seller claims that bots receive updates within two to three minutes of publication, offering relatively fast synchronization without peer to peer infrastructure. The malware is marketed on underground forums either as a lifetime licensed build or as full source code with ongoing updates. Operating costs are minimal.

Researchers observed that a small amount of MATIC, the Polygon network token, is sufficient to process a significant number of command transactions. With no need to rent servers or register domains, operators face fewer operational hurdles.

Investigators also found that Aeternum includes anti virtual machine checks intended to avoid execution in sandboxed analysis environments. A bundled scanning feature reportedly measures detection rates across multiple antivirus engines, helping operators test payloads before deployment.

Because commands are stored on chain, they cannot be altered or removed without access to the controlling wallet. Even if infected devices are cleaned, the underlying smart contracts remain active, allowing operators to resume activity without rebuilding infrastructure.

Researchers warn that this model could complicate takedown efforts and enable persistent campaigns involving distributed denial of service attacks, credential theft, and other abuse.

As infrastructure seizures become less effective, defenders may need to focus more heavily on endpoint monitoring, behavioral detection, and careful oversight of outbound connections to blockchain related services.

Botnet Moves to Blockchain, Evades Traditional Takedowns #Blockchain #Botnet #Cyberrisks

0 0 0 0
Ayysshush Botnet: A Persistent Threat to ASUS Routers The Ayysshush botnet campaign poses a serious cybersecurity threat, compromising over 9,000 ASUS routers since March 2025.

🚨🔐 New blog alert! Discover the Ayysshush Botnet, a persistent threat targeting ASUS routers. Learn how to protect your devices! Read more: innovirtuoso.com/cybersecurity-threats/un... #Cybersecurity #Botnet #ASUS

0 1 0 0
Will 'AI' Clickbait Destroy Political Commentary'?
Will 'AI' Clickbait Destroy Political Commentary'? YouTube video by Beyond America: Canada Looking South

How to spot fake AI generated channels on youtube👀
#Bluesky #Politics #Resist #Democracy #Resistance #Canadasky #Canada #cdnpoli #Boycotts #America #𝓢𝓽𝓮𝓿𝓮𝓜𝓲𝓵𝓮𝓼𝓝𝓮𝓽 #NeverVoteConservative #botnet #botnetwork #USApoli
youtu.be/eBb6hmLH5G4?...

1 1 0 0

Cybersecurity researchers uncover Aeternum C2, a botnet leveraging blockchain for resilient command-and-control infrastructure. #CyberSecurity #Blockchain #Botnet #AeternumC2 Link: thedailytechfeed.com/cybersecurit...

0 0 0 0
Your smart TV may be crawling the web for AI Some TV apps let you watch programming with fewer ads, as long as you allow your TV to participate in a global proxy network.

#privacy #ai #botnet #ddos
www.theverge.com/column/88524...

0 0 0 0

🕸️ Your smart TV may be crawling the web for AI

「 This approach allows the company to capture localized versions of websites, but also helps to circumvent web crawler blacklists. The gathered data is then resold to companies to train AI models, among other things 」

#privacy #ai #botnet #ddos

0 0 1 0
Paul Cargnello w/Jonathan Emile - Fascists In Our Midst
Paul Cargnello w/Jonathan Emile - Fascists In Our Midst YouTube video by Paul Cargnello - Official

Say it again I AM "ANTIFA"
#Politics #Resist #Democracy #Resistance #Canadasky #Canada #cdnpoli #Boycotts #America #𝓢𝓽𝓮𝓿𝓮𝓜𝓲𝓵𝓮𝓼𝓝𝓮𝓽 #neverthe51ststate #EightySixFortySeven #nomorewar #BoycottUsCars #MarkCarney #NeverVoteConservative #Fascism #fascist #botnet #botnetwork
youtu.be/l2WgEOr-jaI?...

3 1 0 0

Repeat after me. I AM "ANTIFA"
#Politics #Democracy #Resistance #Canadasky #Canada #cdnpoli #Boycotts #America #𝓢𝓽𝓮𝓿𝓮𝓜𝓲𝓵𝓮𝓼𝓝𝓮𝓽 #neverthe51ststate #EightySixFortySeven #BoycottUsCars #MarkCarney #NeverVoteConservative #extortion #Treason #NeverPierrePoilievre #Fascism #fascist #botnet #botnetwork

2 1 0 0
Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown Glupteba botnet read more about Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown reconbee.com/aeternum-c2-...

#Aeternumc2botnet #botnet #Polygon #blockchain #cyberattacks

0 0 0 0