Dutch authorities seized 200 servers running a 17-million-device botnet linked to proxy service Asocks.
Dutch authorities have taken offline a massive botnet of at least 17 million devices and seized more than 200 servers at a local provider that supported the operation. Infected devices included computers, tablets, and smartphones.
The action followed an investigation by the police in collaboration with the country’s cybersecurity agency, the National Cyber Security Centre (NCSC).
“The network was discovered following a report from a security researcher to the NCSC. The NCSC subsequently informed the police. Together, they took up the report and conducted an investigation,” reads the press release published by the NCSC. “The investigation revealed that the botnet consisted of at least 17 million infected devices and that the 200 servers used to host the infrastructure were located in the Netherlands.”
A security researcher uncovered the botnet and reported it to the Dutch NCSC, which worked with police to investigate. Police seized several servers for forensic analysis, while the hosting provider shut down the infrastructure after confirming it was being used for criminal operations.
According to the Netherland Times, the botnet is linked to ASOCKS, a residential proxy seller that provides services designed to hide users’ identities and locations online. These services can be abused for cybercrime, including DDoS attacks, phishing campaigns, botnet operations, and web scraping. Dutch authorities warned that residential proxies make malicious traffic appear legitimate, complicating detection and mitigation efforts because attacks can seem to originate from normal local internet users.
“The Asocks network operated as a ‘residential proxy service,’ in which cybercriminals covertly infected poorly protected consumer devices with malware,” reports NLTimes. “These compromised devices were then used to route internet traffic and launch large-scale cyberattacks, all without the knowledge of their rightful owners.”
In 2024, security firm HUMAN Security linked the Proxylib botnet to ASOCKS after finding infected devices routing traffic through ASOCKS infrastructure. Researchers discovered 28 Android apps on Google Play that secretly enrolled up to 190,000 devices into the proxy network without users’ knowledge or consent.
Devices can become part of a botnet after attackers exploit vulnerabilities or weak security to install malware and take remote control. To reduce the risk, users should keep systems and apps updated, use strong passwords and two-factor authentication, secure Wi-Fi networks, avoid suspicious downloads or links, install software only from trusted sources, and regularly monitor connected devices with security tools.
