- Joined
- Dec 3, 2020
- Messages
- 1,562
Microleaves is a botnet and antivirus enemy
Microleaves proxy service (Shifter.io) recently patched a vulnerability on its website that exposed the database of all users. The data disclosed as a result of the hack showed that Microleaves proxies are provided by affiliates who are interested in distributing the software in any way, for example, by bundling it with other titles.
Launched in 2013, Microleaves allows customers to route their Internet traffic through computers in virtually any country around the world. Microleaves works by changing the client's IP address every 5-10 minutes.
Abhishek Gupta, PR and marketing manager for Microleaves, said the discovered medium-severity vulnerability is flagged in the new Shifter Bug Bounty program, which offers bounties of up to $2,000.
It is noteworthy that Microleaves has long been classified by antiviruses as adware or as a potentially unwanted program (PUP), which is often installed on a computer when other programs are installed. Kaspersky marks the Microleaves family of software as a Trojan that hijacks a user's Internet connection as a proxy server without notifying the user. These Trojans impersonate Microsoft Windows Update while running, according to Kaspersky.
According to a study by KrebsOnSecurity of the disclosed database, the first registered user "admin" from 2010 to 2017 under the nickname "Acidut" was an active user in several cybercriminal dark forums, including BlackHatWorld, Hackforums, OpenSC and CPAElites.
In a 2011 post on Hackforums, user Acidut claimed to have created a botnet using an exploit kit that generated between 3,000 and 5,000 new bots every day. Acidut also added that his program can be invisibly embedded in other programs.
The analysis revealed that user Microleaves (later "Shifter.io") announced on BlackHatWorld that they were selling 31 million residential IP addresses to use as proxies at the end of 2013. The same account continues to sell subscriptions to Shifter.io.
.png)
According to the portal KrebsOnSecurity, in a post on the BlackHatWorld forum in 2013, Acidut encouraged users to contact him on Skype using the name "nevo.julian". Moreover, this Skype address is listed on the main page of Microleaves.
Microleaves proxy service (Shifter.io) recently patched a vulnerability on its website that exposed the database of all users. The data disclosed as a result of the hack showed that Microleaves proxies are provided by affiliates who are interested in distributing the software in any way, for example, by bundling it with other titles.
Launched in 2013, Microleaves allows customers to route their Internet traffic through computers in virtually any country around the world. Microleaves works by changing the client's IP address every 5-10 minutes.
Abhishek Gupta, PR and marketing manager for Microleaves, said the discovered medium-severity vulnerability is flagged in the new Shifter Bug Bounty program, which offers bounties of up to $2,000.
It is noteworthy that Microleaves has long been classified by antiviruses as adware or as a potentially unwanted program (PUP), which is often installed on a computer when other programs are installed. Kaspersky marks the Microleaves family of software as a Trojan that hijacks a user's Internet connection as a proxy server without notifying the user. These Trojans impersonate Microsoft Windows Update while running, according to Kaspersky.
According to a study by KrebsOnSecurity of the disclosed database, the first registered user "admin" from 2010 to 2017 under the nickname "Acidut" was an active user in several cybercriminal dark forums, including BlackHatWorld, Hackforums, OpenSC and CPAElites.
In a 2011 post on Hackforums, user Acidut claimed to have created a botnet using an exploit kit that generated between 3,000 and 5,000 new bots every day. Acidut also added that his program can be invisibly embedded in other programs.
The analysis revealed that user Microleaves (later "Shifter.io") announced on BlackHatWorld that they were selling 31 million residential IP addresses to use as proxies at the end of 2013. The same account continues to sell subscriptions to Shifter.io.
According to the portal KrebsOnSecurity, in a post on the BlackHatWorld forum in 2013, Acidut encouraged users to contact him on Skype using the name "nevo.julian". Moreover, this Skype address is listed on the main page of Microleaves.
