Cryptojacking has become fairly well-known around the world: Victim resources are stolen to contribute to a mining pool in exchange for money that is given to the attacker. A lesser-known technique that has been on the rise recently is called proxyjacking.
With proxyjacking, the attacker doesn't just steal resources but also leverages the victim's unused bandwidth. The victim's system is covertly used to run various services as a P2P proxy node that the attackers have recently started to monetize through organizations such as Peer2Profit or Honeygain. These companies provide the average user the opportunity to get paid for their extra bandwidth, an attractive, and legitimate, prospect to many people and entities.However, these sites often do not ask questions about how the new proxy node was sourced, which is where the illegitimacy begins. Although the act of proxyjacking has been around for some time now, it has only recently begun to be used strictly for profit, which is what we have observed in this campaign.