"SocksEscort infected home and small business internet routers with malware. The malware allowed SocksEscort to direct internet traffic through the infected routers. SocksEscort sold this access to its customers. The end goal of services like SocksEscort is to enable paying customers to tunnel internet traffic through compromised devices without the victim's knowledge, offering them a way to blend in and make it harder to differentiate malicious traffic from legitimate activity by concealing their true IP addresses and locations."
"SocksEscort is said to have offered to sell access to about 369,000 different IP addresses in 163 countries since the summer of 2020, with the service listing nearly 8,000 infected routers as of February 2026. Of these, 2,500 were located in the U.S. As of December 2025, SocksEscort's website claimed to offer static residential IPs with unlimited bandwidth and that they can bypass spam blocklists."
"Some of the victims who were defrauded as part of schemes carried out using SocksEscort included a customer of a cryptocurrency exchange who lived in New York and was defrauded of $1 million worth of cryptocurrency; a manufacturing business in Pennsylvania that was defrauded of $700,000; and current and former U.S. service members with MILITARY STAR cards who were defrauded out of $100,000."
SocksEscort operated as a criminal proxy service that infected residential routers and small business internet devices with malware, allowing the service to redirect internet traffic through compromised systems. The operation sold access to approximately 369,000 different IP addresses across 163 countries since mid-2020, with pricing ranging from $15 monthly for 30 proxies to $200 for 5,000 proxies. Customers used this access to conceal their true IP addresses and locations, enabling fraud schemes while evading detection. Victims included a cryptocurrency exchange customer defrauded of $1 million, a Pennsylvania manufacturing business losing $700,000, and U.S. military service members defrauded of $100,000. Operation Lightning, a coordinated international law enforcement effort, successfully dismantled the service.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]