US, Europol disrupt SocksEscort network that exploited thousands of residential routers

Law enforcement in the U.S. and Europe disrupted the SocksEscort residential proxy network, seizing domains and servers, freezing $3.5 million in cryptocurrency, and linking the service to thousands of infected routers used to mask cybercriminal activity. The FBI warned that AVRecon malware targets routers and IoT devices across many models from vendors like Cisco, D-Link, MikroTik, Netgear, TP-Link, Hikvision and Zyxel, and investigators tied the platform to widespread fraud and theft. #SocksEscort #AVRecon

Keypoints

  • SocksEscort sold access to infected residential routers, offering criminals proxies tied to hundreds of thousands of IPs worldwide.
  • Authorities seized 34 domains, took down 23 servers, and froze $3.5 million in cryptocurrency during the operation.
  • The FBI linked AVRecon malware to the platform and said it targets roughly 1,200 device models from vendors including Cisco, D-Link, MikroTik, Netgear, TP-Link, Hikvision and Zyxel.
  • Investigators connected SocksEscort to scams such as fraudulent unemployment claims, cryptocurrency theft, and U.S. bank account takeovers, with operators allegedly earning over $5.7 million.
  • Law enforcement in seven countries, supported by private firms like Black Lotus Labs and the Shadowserver Foundation, coordinated the takedown that began in June 2025.

Read More: https://therecord.media/us-europol-disrupt-socksescort-network