Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones and IoT devices, to carry out malicious attacks.
According to the Dutch Police and the National Cyber Security Center (NCSC), the bot network included at least 17 million infected devices. Over 200 servers located in the Netherlands served as the platform’s backend infrastructure.
According to a statement issued by the NCSC, police officers seized a subset of these servers from a hosting provider that supplied the infrastructure. The provider is said to have taken the botnet offline after using it for criminal purposes.
Although the name of the botnet was not explicitly mentioned, local news outlet NL Times reported that the service in question was Asocks, a company that provides residential proxies. In April 2024, HUMAN’s Satori Threat Intelligence team identified a campaign called PROXYLIB that infected Android devices with proxyware from LumiApps and Asocks.
According to details shared on Asocks’s website, the platform advertises corporate, residential and mobile proxies for monthly subscriptions between $5 and $15, with a 5-15% discount for bulk purchases of 10 to 100 proxies.
Residential proxies have legitimate uses and privacy benefits, including access to geographically restricted web resources. However, the ecosystem is also opaque, with many providers serving bad actors who purchase access to compromised devices enrolled in these networks to route malicious traffic and carry out cyberattacks.
“Devices can become part of a botnet when they are accessible to malicious actors,” the NCSC said. “After gaining access, attackers can install malware that allows the device to be controlled remotely. This enables the device to become part of a network used for cybercriminal activities.”
To combat the threat posed by botnet malware, it is advisable to keep operating systems updated, maintain visibility of edge devices such as routers, use strong passwords, enable two-factor authentication wherever possible, install apps from trusted sources, change default passwords, and secure Wi-Fi networks with WPA2 or WPA3.