ProxyBack is a malicious software which was discovered in 2014 but whose operation had not yet become clear. Specifically, the system is able to infect our computers and turn them into a real “enslaved servants”.
The researchers at Palo Alto Networks(the security company that discovered this malware) have discovered a new type of malware that infects home computers and turns them into Internet proxies, they also speculate these home PCs are being used by a Russian company inside their Web proxy service.
Thus, researchers at Palo Altos Networks believe similar to WireLurker and KeyRaider this malware have affected team proxies, act as intermediaries between a web browser and Internet controlled by the attackers (who “send instructions” through basic HTTP requests).
Unfortunately, experts said would suggest that ProxyBack Malware and infected more than 11,000 machines. Its favorite targets would be the educational institutions apparatus and household PCs. Devices which, although not have been used to conceal the location of cybercriminals as you might think, have served to channel the network traffic illegally.
In fact, many of these IPs are offered as trusted servants in buyproxy.ru , online proxy service that operates outside Russia. Despite knowing the web, researchers have been unable to identify the perpetrators. Moreover, Jeff White, Palo Alto Networks, says that “if people behind Buyproxy is responsible or not for the distribution of malware ProxyBack is still a mystery”.