Kamal Ghorui
Federal Bureau of Investigation (FBI) has published this Public Service Announcement (PSA) to raise awareness of residential proxies, the risks they pose, and steps the public can take to safeguard their devices from becoming part of a residential proxy network. Cyber threat actors use residential proxies to facilitate illicit activities, while hiding their true identities and locations by routing internet traffic through home and small business internet networks.For those unaware, a residential proxy is an intermediary server between individuals and websites they visit to make their connections appear to originate elsewhere. Legitimate IP addresses assigned by an Internet Service Provider (ISP) to consumers’ Internet of Things (IoT)1 devices, such as TV streaming devices, digital picture frames, smartphones, tablets, and routers are used to route traffic. Once an internet-connected device is compromised, the device’s IP address can be used by threat actors to mask their online illegal activity, making the consumer appear responsible.
How Residential Proxies Work
A residential proxy is used to route users’ requests through another IoT device, typically located elsewhere in the world. When selecting an IP address, users can choose which country they would like the IP address from, down to the city and state. Doing so alters the users’ IP address from the perspective of the website to that of the device the traffic was routed through.
How Your Device Can Become Part of a Residential Proxy Network
Many individuals do not realize their internet connection could be used by someone else without their permission. Residential proxies obtain residential IP addresses from devices in two ways: The owner of the device provides consent, or the owner of the device does not provide consent and is unaware their IP address is being used.
Methods that criminals use to acquire residential IP addresses
Virtual Private Network (VPNs) with Hidden Terms of Service: Free VPN services may enroll users’ devices in a residential proxy network, without obtaining their consent. The details are often hidden in the terms of service, which most users do not read prior to download, or the language is difficult for the user to understand.Compromised IoT Devices: Criminals gain unauthorized access to home networks through compromised IoT devices, such as TV streaming devices, digital projectors or picture frames, aftermarket vehicle infotainment systems, and other products connected to the internet. Criminals configure the device with malicious software prior to it being purchased or infect the device with a backdoor4 while it downloads required applications.Malware: Free online video game content, free sports/tv shows/movies, free software that normally costs money, and torrented content5 can all contain malware that makes a device part of a residential proxy network.Passive Income Schemes: Proxy services convince people to download applications on their device that promise to pay them for their internet bandwidth. People often do not realize that criminals use their internet connection to commit cyber attacks
How Criminals Use Residential Proxies
Residential proxies are a standard tool criminals use to look like ordinary users online and can be used for the following purposes:Malware Distribution and Command and Control (C2) Obfuscation: Residential proxies serve as an intermediary between C2 servers and compromised devices, obfuscating the true location of the threat actor.Phishing and Identity Theft: Residential proxies can be used to host phishing infrastructure or login to accounts using stolen credentials without triggering geolocation-based alerts.Spam and Fake Account Creation: Residential proxies are used to create fake social media, e-commerce, and email accounts.Data Exfiltration: Threat actors use residential proxies to smuggle data out of compromised networks, making tracing more difficult.Brute Force Attacks: Residential proxies allow cyber attackers to rapidly rotate between a large number of IPs, bypassing rate limits and lockout mechanisms.Bypass Content Restrictions: Attackers use residential proxies to misrepresent their locations, allowing access to restricted content and services locked by regions.Host Illicit Marketplaces and Forums: Criminal platform administrators use residential proxies to mask their locations and evade law enforcement.Identity and Location Hiding: Offenders use residential proxies to make it difficult to locate and identify them. If a residential proxy is used, the IP address associated with the criminal activity will not be linked to the offender.Making Illegal Purchases: Residential proxies can be used to login to and make purchases and downloads from illicit marketplaces and forums.Bypass Purchase Restrictions: Criminals use residential proxy platforms to bypass limiters to purchase content en masse to resell at a higher cost, such as concert tickets, new sneakers, and new collectible items like trading cards.Account Takeovers: If a victim’s bank account credentials are leaked on the dark web, criminals could obtain a residential proxy IP address in the same city as the victim and login to the compromised bank account. The victim’s bank is less likely to flag the activity as suspicious.
Tips to Protect Yourself
The FBI recommends individuals take the following precautions to protect themselves from becoming part of a residential proxy network:* Avoid TV streaming devices that claim to provide free sports, TV shows, and movies, as they may contain malware or backdoors that hijack your internet network and can lead to identity theft or other cyber crimes. Exercise caution before downloading free VPN applications, and do not click on pop-up ads from untrusted websites, as they can initiate malware installation on your device.* Do not download pirated software, such as video games and movies, which often include hidden malware that turns your device into a proxy.Use official, trusted application stores. Only trust applications from well-known and reputable publishers. Unofficial application stores may contain applications that will install backdoors into your device or are otherwise malicious. Sideloading unofficial applications on devices like streaming sticks or Android TV boxes increases the chances of installing malicious software.* Keep all operating systems, software, and firmware up to date, and prioritize patching firewall vulnerabilities and known exploited vulnerabilities in internet-facing systems. Timely patching is one of the most efficient and cost-effective steps to minimize exposure to cybersecurity threats.* Some malicious internet-connected devices come from the factory with malware installed. These devices may contain malware even if a “factory reset” is performed. Malicious software often stays on the device even if you uninstall the app or software that was the initial vector. Antivirus software may be able to sanitize your device. If not, reinstalling the operating system on your device may be required to get rid of any malware.* Ignore suspicious emails and do not click on suspicious links. Phishing emails are a technique used by cyber criminals to infiltrate a device.* Maintain awareness and monitor internet traffic of home networks. Assess all IoT devices connected to home networks for suspicious activity.
