Linux.ProxyM malware was well known for infecting almost any Linux devices which include routers, set-top boxes, and other equipment. It affects the devices and launches a SOCKS proxy server on an infected device.
It involved in various activities, in June it was used by cybercriminals to target Raspberry Pi devices for Mining Cryptocurrency, in September it engaged in sending spam messages from infected devices, and it was detected by security researchers from Dr. Web.
Also Read Linux malware that Targets Raspberry Pi for Mining Cryptocurrency
Cybercriminals began using the “Internet of things” to distribute phishing messages. The emails were supposedly sent on behalf of DocuSign—a service that allows users to download, view, sign and track the status of electronic documents.says Dr.Web.
Starting from December attackers using the infected devices of Linux.ProxyM to ensure anonymity and to launch numerous attempts at hacking websites.
To launch hacking attempts they have used various hacking methods.
1.SQL injections – Injection of a malicious SQL code into a request to a website database
2.XSS (Cross-Site Scripting) – Attack method that involves adding a malicious script to a webpage
3.Local File Inclusion (LFI) – To remotely read files on an attacked server
It Launches significant attacks over game servers, forums, and resources on other topics, including Russian websites.
This activity performed in two different threads the first one to list the username, passwords and next thread operation of the SOCKS proxy server.
Mirai uses Telnet ports with default username and passwords, whereas Linux.MulDrop.14 uses SSH ports with default username and passwords.
SHA1:
187842e65c2e4ab4ba48a0805e2fcd85c45e4446
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…
A threat actor known as #LongNight has reportedly put up for sale remote code execution…
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…