Security researchers from DomainTools have discovered a new BlackProxies residential proxy service, which, according to advertising, sells access to a million proxy addresses around the world.
Experts warn that BlackProxies is quickly gaining popularity among hackers, phishers, resellers and scammers, although it supposedly prohibits malicious and illegal activities.
List of prohibited actions
Let me remind you that we also talked that Phishing Platform Caffeine Targets Russian and Chinese Services, and also that Hackers Sold Access to 576 Corporate Networks.
The appearance of a large platform of this kind is a notable development, experts say, given that several such services have been shut down by law enforcement over the past couple of years, including RESNET and INSORG.
The media also wrote that Operator of the proxy botnet Russian2015 pleaded guilty.
The report notes that residential proxies tend to use the IP addresses of ordinary users rather than the address space of data centers, making them ideal for running trading bots, as well as for attackers who want to “hide” in normal traffic. Sometimes users become proxy servers voluntarily (for a fee), but more often this happens due to infection of their computers, IoT devices and routers with malware.
Cybercriminals tend to use residential proxies to increase the effectiveness of their attacks while hiding from law enforcement and blockers.
BlackProxies operators claim to have access to a pool of 1,000,000 IPs from around the world, all of which come from real users, which provides the required unlocking, low detection rate, and good speed. In addition, the service offers an auto-rotation system that automatically updates IP addresses, ensuring that each request is made from a new address.
It also provides customers with a dashboard with real-time usage statistics and a REST API to provide flexibility and possibly resell.
BlackProxies services are priced at $14 per day, $39 per week, or $89 per month (the trial package costs $4.9).
DomainTools analysts examined the platform and found that the claims of a huge pool of IP addresses are false. In fact, the service has approximately 180,000 available IP addresses. The researchers note that this is still quite a lot and significantly exceeds the capabilities of many other platforms and botnets.
The report also notes that one of the infrastructure IP addresses of the service was previously associated with other shadow platforms.
Bleeping Computer reports that BlackProxies is currently being actively promoted on hacker forums, in topics dedicated to credential stuffing attacks and account hijacking.