VulnHub

Real-time Cybersecurity News

US disrupts SocksEscort proxy network powered by Linux malware

BleepingComputer
Actively Exploited
LinuxExploitMalware

Overview

U.S. and European law enforcement, in collaboration with private partners, have successfully disrupted the SocksEscort proxy network, which was powered by malware called AVRecon targeting Linux devices. This network primarily compromised edge devices, turning them into proxies for cybercriminal activities. The operation is significant as it demonstrates international cooperation in combating cybercrime and highlights the ongoing threat posed by malware that targets Linux systems. The disruption of SocksEscort is expected to hinder the operations of those using the network for illegal purposes, ultimately making it harder for them to execute attacks or conduct illicit activities online. This incident serves as a reminder for organizations to bolster their defenses against malware that can exploit even lesser-known platforms like Linux.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Linux devices compromised by AVRecon malware
  • Action Required: Organizations should implement security measures to detect and remove AVRecon malware from their systems, regularly update software, and monitor network traffic for unusual activity.
  • Timeline: Disclosed on [date]

Original Article Summary

Law enforcement agencies in the U.S. and Europe along with private partners have disrupted the SocksEscort cybercrime proxy network that used only edge devices compromised via the AVRecon malware for Linux. [...]

Impact

Linux devices compromised by AVRecon malware

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Disclosed on [date]

Remediation

Organizations should implement security measures to detect and remove AVRecon malware from their systems, regularly update software, and monitor network traffic for unusual activity.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Linux, Exploit, Malware.

Read Original Article

Related Coverage

Feds Takes Down SocksEscort Proxy Network Used in Global Fraud Schemes

Hackread – Cybersecurity News, Data Breaches, AI and More

Law enforcement agencies in Europe and the United States have successfully dismantled the SocksEscort proxy network, which was built using compromised routers. This network was utilized by cybercriminals for various global fraud schemes, allowing them to mask their online activities. The operation involved cooperation between multiple agencies, highlighting the importance of international collaboration in tackling cybercrime. The disruption of this network is significant as it not only affects the criminals who relied on it but also aims to protect individuals and businesses from the fallout of these fraudulent activities. This incident serves as a reminder of the ongoing threat posed by cybercriminals using compromised infrastructure to conduct illegal operations.

Mar 12, 2026

Iran-linked group claims wiper attack and takedown of medical device maker Stryker

SCM feed for Latest

An Iranian-linked group has claimed responsibility for a wiper attack that targeted the medical device manufacturer Stryker, marking a significant escalation in cyberattacks against U.S. companies since the onset of the Iran conflict on February 28. Wiper malware is designed to erase data and disrupt operations, posing serious risks to critical healthcare infrastructure. Stryker, known for its surgical and medical devices, may face operational challenges as a result of this incident. This attack underscores the increasing use of cyber warfare tactics in geopolitical conflicts, raising concerns about the security of other companies in the healthcare sector and beyond. Organizations are urged to bolster their cybersecurity measures to defend against similar threats.

Mar 12, 2026

Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays

The Hacker News

A new banking malware known as VENON has been discovered, targeting 33 banks in Brazil. This malware is notable for being written in Rust, which differentiates it from other prevalent malware in the region that typically uses Delphi. It specifically aims to steal user credentials by infecting Windows systems. Researchers first identified VENON last month, raising concerns about its potential impact on Brazilian banking customers. This malware represents an evolving threat in the Latin American cybercrime landscape, and users should be vigilant about their online security.

Mar 12, 2026

Hackers Use Cloudflare Human Check to Hide Microsoft 365 Phishing Pages

Hackread – Cybersecurity News, Data Breaches, AI and More

Scammers are exploiting security features from Cloudflare to mask fraudulent Microsoft 365 login pages, making it harder for users to identify phishing attempts. This tactic allows attackers to evade detection by antivirus software and security systems, putting sensitive information at risk. Users of Microsoft 365 should be particularly cautious, as these phishing pages can look very convincing and lead to credential theft. The situation emphasizes the need for individuals and organizations to remain vigilant about email security and to double-check URLs before entering personal information. Cybersecurity experts are urging users to enable multi-factor authentication to add an extra layer of protection against such scams.

Mar 12, 2026

Veeam warns of critical flaws exposing backup servers to RCE attacks

BleepingComputer

Veeam Software has issued patches for serious vulnerabilities in its Backup & Replication solution, including four critical remote code execution (RCE) flaws. These vulnerabilities could allow attackers to execute malicious code on affected backup servers, potentially leading to data breaches or system takeovers. Organizations using Veeam's software should prioritize applying these patches to safeguard their systems. The risks are particularly concerning for companies that rely on Veeam for data protection, as failing to address these vulnerabilities could leave sensitive data exposed. This incident serves as a reminder for all users of backup solutions to stay vigilant and ensure their software is up to date.

Mar 12, 2026

Authorities takedown global proxy network SocksEscort

CyberScoop

Authorities have dismantled a global proxy network known as SocksEscort, which had compromised routers and Internet of Things (IoT) devices across 163 countries. This botnet reportedly affected around 369,000 victims and generated approximately $5.8 million in revenue for its cybercriminal operators. The operation's scale demonstrates how widespread such threats can be, as compromised devices can facilitate various cybercrimes, including unauthorized access and data theft. The takedown is a significant step in combating the growing issue of botnets, which can put both individuals and organizations at risk. Users are advised to secure their devices and ensure they are not part of such networks.

Mar 12, 2026