AVrecon malware-infected routers exploited as residential proxies by SocksEscort
The Federal Bureau of Investigation (FBI) has released a FLASH to disseminate indicators of compromise (IOCs) and identified tactics, techniques and procedures (TTPs) associated with AVrecon malware.
This malware has been observed targeting routers and other Internet of Things (IOT) devices, located in approximately 163 countries around the world, including the United States. SocksEscort is believed to have compromised and sold access to approximately 369,000 devices since 2020.
Threat actors have been found to compromise routers, install AVrecon Malware, and then sell access to the compromised devices as residential proxies using the SocksEscort residential proxy service.