Law enforcement in the United States and Europe disrupted SocksEscort, a malicious proxy service built from compromised routers and IoT devices that enabled DDoS, ransomware, and the distribution of child abuse material. Authorities seized domains and servers, froze $3.5 million in cryptocurrency, and disconnected infected modems. The FBI warned that AVrecon malware was used to infect hundreds of thousands of devices across many router models.
Key points
- International law enforcement disrupted SocksEscort, a proxy service used to conceal criminal activity.
- SocksEscort relied on compromised routers and IoT devices, linking roughly 363,000 IP addresses across 163 countries since 2020.
- In February 2026 the service was supported by about 8,000 hacked routers, including 2,500 in the United States.
- Authorities seized 34 domains and 23 servers in seven countries, froze $3.5 million in cryptocurrency, and disconnected infected modems.
- The FBI issued an alert stating that AVrecon malware targeted roughly 1,200 device models to build the botnet, and it provided IoCs and mitigation guidance.