Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices

Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks.

The bot network, per the Dutch Politie and the National Cyber Security Center (NCSC), consisted of at least 17 million infected devices. More than 200 servers located in the Netherlands acted as the platform’s backend infrastructure.

According to a statement issued by the NCSC, police officials seized a subset of these servers from a hosting provider that provided the infrastructure. The provider is said to have subsequently taken the botnet offline following its use for criminal purposes.

Although the name of the botnet was not explicitly mentioned, local news outlet NL Times reported that the service in question was Asocks, a company that offers residential proxies. In April 2024, HUMAN’s Satori Threat Intelligence team identified a campaign dubbed PROXYLIB that involved infected Android devices with proxyware from LumiApps and Asocks.

Per details shared on Asocks’ website, the platform advertises corporate, residential, and mobile proxies for monthly subscriptions between $5 and $15, with 5-15% discounts for bulk purchases ranging from 10 to 100 proxies.

Residential proxies have legitimate uses and privacy benefits, including to access geographically-restricted web resources. However, the ecosystem is also shadowy, with many providers catering to bad actors who purchase access to compromised devices enrolled in these networks to route malicious traffic and carry out cyber attacks.

“Devices can become part of a botnet when they are accessible to malicious actors,” NCSC said. “After gaining access, attackers can install malware that allows the device to be controlled remotely. This enables the device to become part of a network used for cybercriminal activities.”

To counter the threat posed by botnet malware, it’s advised to keep the operating systems up-to-date, maintain visibility of edge devices like routers, use strong passwords, enable two-factor authentication wherever possible, install apps from trusted sources, change default passwords, and secure Wi-Fi networks with WPA2 or WPA3.