BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Global Botnet SocksEscort Dismantled by FBI, Europol

Operation Lightning dismantles SocksEscort botnet, seizing assets and stopping AVrecon malware fraud.

  • An international law enforcement operation called Operation Lightning has dismantled the SocksEscort proxy service, a botnet made from over 8,000 compromised residential routers.
  • The criminal service, active since at least 2020, enabled fraud allowing attackers to hide their locations, leading to theft including a $1 million cryptocurrency exchange customer loss.
  • Authorities seized 34 domains, 23 servers, and froze $3.5 million in cryptocurrency, while investigating a payment platform that received over ~$5.4 million in funds.
  • The botnet was powered by AVrecon malware, which infected devices through critical router vulnerabilities, permanently compromising them with a custom firmware flash.

An international consortium of law enforcement agencies has successfully dismantled a major criminal proxy service, known as SocksEscort, which enslaved thousands of residential and small business routers into a global botnet to facilitate large-scale fraud. The court-authorized operation, named Operation Lightning by Europol, involved authorities from the United States and seven European nations.

- Advertisement -

The U.S. Department of Justice (DoJ) stated that the service infected devices with malware, allowing it to sell access to tunnel internet traffic through them. Consequently, SocksEscort offered access to roughly 369,000 different IP addresses across 163 countries, listing nearly 8,000 infected routers as recently as February 2026.

The primary victims of fraud enabled by this service included a cryptocurrency exchange customer in New York, who lost $1 million, and a Pennsylvania manufacturing business defrauded of $700,000. Meanwhile, Europol said the compromised routers facilitated crimes like ransomware, DDoS attacks, and the distribution of CSAM.

The operation resulted in the takedown of 34 domains and 23 servers located across seven countries. Furthermore, authorities have frozen $3.5 million in cryptocurrency linked to the service, which customers paid for using an anonymous platform that processed over ~$5.4 million (EUR 5 million).

The technical backbone of the operation was the AVrecon malware, which Lumen Black Lotus Labs first documented in July 2023. According to a U.S. Federal Bureau of Investigation alert, the malware exploited critical vulnerabilities in roughly 1,200 device models from brands like Cisco and Netgear.

- Advertisement -

To achieve permanent infection, threat actors used the device’s update mechanism to flash a custom firmware image. This action effectively disabled the device’s own update and flashing features, thereby making remediation extremely difficult for victims.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

AI freelancers could drive $262B in stablecoin payments by 2033

Swyftx projects that $262 billion of the AI-native gig economy's payment volume could be...

LINE NEXT launches global stablecoin platform Unifi

LINE NEXT has launched Unifi, a non-custodial stablecoin platform, now available globally as it...

Saylor’s ‘Orange Dots’ Signal Fails to Clarify Bitcoin Strategy

Strategy founder Michael Saylor posted a cryptic signal on Sunday, prompting analysts to call...

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Must Read

Forex Trading Vs Crypto Trading: Which One Should You Choose?

So you're trying to decide between two types of trading: Forex and cryptocurrency.Forex trading is the big player in the trading world, with lots...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading