
Free, Unbiased, and Open threat intelligence
Threat Profile
The Aisuru botnet, which has infected at least 700,000 IoT devices since August 2024, has been overhauled to transition from conducting massive DDoS attacks to operating as a residential proxy service. The botnet previously executed record-breaking DDoS attacks reaching 6.3 terabits per second against KrebsOnSecurity and demonstrated capabilities of nearly 30 terabits per second. The botmasters updated their malware so that infected devices can be rented to residential proxy providers, allowing cybercriminals to anonymize their traffic through compromised IoT devices, including routers and security cameras. This shift supports large-scale data harvesting and AI content scraping operations. The botnet's infrastructure includes an SDK that forces infected Android systems to query specific domains. Multiple ISPs have experienced significant operational impact, with outbound DDoS attacks exceeding 1.5 terabits per second from Aisuru-infected customer devices causing network disruptions and router line card failures. The botnet appears to have partnerships with various proxy networks and is contributing to the massive expansion of residential proxy services used for content scraping, ad fraud, credential stuffing, and AI training data collection.
Malware
Published
7 months ago