HITCON FreeTalk 20240726 - Dark side of the Force - Exploring Dark Web Threats [Topic 2: Residential proxies and Underground (the underground economy of residential proxy services)]

HacksInTaiwan 5,424 views 45 slides Aug 12, 2024

About This Presentation

Speaker: Fyodor Yarochkin
Senior Threat Researcher, Trend Micro Research


Slide Content

The underground economy of residential proxy services
Residential proxies and Underground
Fyodor Yarochkin
(and Ryan Flores, miaoski, GD)

2| ©2023 Trend Micro Inc.
Agenda
• Hunting residential proxies with honeypots
• Underground market for residential proxies
• Provision of proxies: proxyware, infected devices, freeware, SDK
• Monetization: abuse scenarios and underground
• Conclusion

Credits
• Heavy lifting: miaoski
• GD

Residential proxies ecosystem

What and why residential proxy?
• User identities are often profiled (by anti-fraud systems, anti-bot systems, etc.)
• Residential proxies and mobile proxies, along with mobile-number-for-sale services, allow scalable impersonation.
• Residential proxies allow geofencing bypass
• Often used in combination with other criminal services
Residential proxy inside :)

Other criminal services: SMS PVA

Other criminal services: anti-captcha

Side income?

What is kolotibablo? :)
Колотибабло -> "hammer money" -> money tree (搖錢樹)

How do people get tricked into giving away their computers for proxies?
How do people get scammed?

Passive income

It is easy to be fooled by "easy income" :)

Selling bandwidth (they tell you directly)
• Pawns
• Honeygain
• Repocket
• Earnapp
• PacketShare

Residential Proxies: more than a single scenario


Understanding residential proxies: honeypots :)
Run by Philippe Z Lin

Diagram labels: paying service user; residential VPN/proxy service provider; "passive income" service; malicious node; https://bank..
Residential Proxies: scam in a nutshell :-D

Diagram labels: paying service user; residential VPN/proxy service provider; "passive income" service; malicious node replaced by HONEYPOT; https://bank..
Honeypot-ting the residential proxy infrastructure :)

Honeypot capabilities: traffic monitoring

Residential proxy honeypot goldmine
Capabilities:
• Map the supply chain of residential proxies (sometimes)
• Monitor traffic
• Observe use and misuse of residential proxies

Results (in a nutshell)
• Complexity of the residential proxies supply chain: resellers, distributors
• Variety of methods of compromising benign users' computers: freeware, side income, malicious re-packaged applications, hardware supply chain attacks, software supply chains and compromised SDKs

Underground market for proxies


Proxy provision

Proxyware

Infected and compromised apps and devices

https://www.virustotal.com/gui/file/b2f59d479e5da8e6e0b4ad67d34c781ef72d7b8253d4a543cc36a85f7809f07/details

“Shared traffic”

Monetization

Sneakerbots :)

Multiple scrapers
• 0c5cb3a38f9ddfc0718e1509c091486e4915e558783297973b8c0bb252904a90  fly01.bin
• e568f5280a1258027a6b360680eea0325d20f09ded2835a2a1e8f5a7ecd54275  fly02.bin
• b892bca1bd19359dd58917f84d238ab010f8a51ae9dd33265d05c14cd685cc7a  fly03.bin

Pump and Dump schemes

Pump and Dump?
Registration

Banking Fraud


Q&A?

Fyodor Yarochkin (PhD)
[email protected]