Aisuru Botnet Shifts From DDoS to Residential Proxies
Source: krebsonsecurity.com (Tech story)
Key topics: Botnet, IoT Security, Residential Proxies
The Aisuru botnet has shifted from DDoS attacks to providing residential proxies using compromised IoT devices, raising concerns about IoT security and the ethics of proxy services.
Snapshot generated from the HN discussion
Key moments
- Story posted: Oct 28, 2025 at 9:01 PM EDT
- First comment: Oct 30, 2025 at 3:34 PM EDT (2 days after posting)
- Peak activity: 55 comments in days 7-8, the hottest window of the conversation
- Latest activity: Nov 17, 2025 at 8:17 PM EST
HN item ID: 45741357 (story). Last synced: 11/20/2025, 2:55:49 PM
How can regular users of Android, smart TVs, etc. identify these IoT devices that have been compromised?
But we're pretty far from having a system that isn't perfect for botnets and malicious proxies hiding on your network.
Kinda crazy how my ISP doesn't even show me my usage on the bill. But then again, every time I call them for something, they try to convince me I need something more than the minimum plan, and their BS depends on me not knowing which tier I need.
Not sure about other places, but where I live ISPs don't have bandwidth limits over which they make you pay extra. In extreme cases they might suspend service if your usage is deemed abusive, but I never heard of this happening to people I know IRL.
Advanced users can segregate all their IoT crap into a separate network, which allows keeping an eye on what goes on in there. But you need to know what your normal safe baseline looks like to be able to identify something weird happening.
Of course there are lots of fancy tools built around this topic too; stuff like Zeek and Suricata almost certainly could be used to identify possible compromises, especially in a separate IoT network, which should have otherwise fairly regular traffic patterns. But realistically, I don't know if anyone has been very successful in implementing such detection.
https://orca.cardiff.ac.uk/id/eprint/147062/1/AnoML.pdf
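The segment-and-baseline approach described in the comment above, written out as an added example that is not part of the thread or of the Krebs article: it parses a Zeek-style conn.log for an IoT VLAN, learns each device's normal external endpoints and per-hour upload volume from a quiet period, then flags any later hour in which a device fans out to many never-seen external hosts or uploads far more than it ever did, which is roughly what a TV box turned proxy exit node looks like from the switch. The 10.50.0.0/24 VLAN, the device addresses, the thresholds and every log line are constructed assumptions for the example.

```python
"""Baseline-then-deviate detection of proxy-style fan-out from an IoT segment.

Added illustration, not code from the article or from the thread. The log is a
constructed Zeek-style conn.log excerpt (TSV with a '#fields' header, reduced to
the columns used here). The 10.50.0.0/24 IoT VLAN, the device addresses and the
thresholds are assumptions for the example.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

IOT_SEGMENT = ipaddress.ip_network("10.50.0.0/24")  # assumed IoT VLAN
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Not ipaddress.is_private: it also treats the RFC 5737 documentation ranges used below as private.

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in n for n in LOCAL_NETS)

def parse_conn_log(text):
    """Zeek TSV: the '#fields' line names the columns; other '#' lines are metadata."""
    names, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            names = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(names, line.split("\t"))))
    return rows

def summarize(rows, window):
    """(device, window) -> external (host, port) pairs contacted and bytes uploaded."""
    out = defaultdict(lambda: {"dests": set(), "orig_bytes": 0})
    for r in rows:
        src = r["id.orig_h"]
        if ipaddress.ip_address(src) not in IOT_SEGMENT or not is_external(r["id.resp_h"]):
            continue
        s = out[(src, int(float(r["ts"])) // window)]
        s["dests"].add((r["id.resp_h"], r["id.resp_p"]))
        s["orig_bytes"] += int(r["orig_bytes"])
    return out

@dataclass
class Baseline:
    dests: set             # every external (host, port) seen in the quiet period
    max_distinct_ext: int  # most distinct external hosts in any one window
    max_orig_bytes: int    # most bytes uploaded in any one window

def build_baseline(rows, window=3600):
    base = defaultdict(lambda: Baseline(set(), 0, 0))
    for (dev, _), s in summarize(rows, window).items():
        b = base[dev]
        b.dests |= s["dests"]
        b.max_distinct_ext = max(b.max_distinct_ext, len({h for h, _ in s["dests"]}))
        b.max_orig_bytes = max(b.max_orig_bytes, s["orig_bytes"])
    return dict(base)

def detect(rows, base, window=3600, fanout_factor=3, bytes_factor=3):
    """Return (device, window, reasons). A proxy exit node shows up as many never-seen
    external hosts plus an upload volume a thermostat or TV box has no reason to produce."""
    alerts = []
    for (dev, w), s in sorted(summarize(rows, window).items()):
        reasons, b = [], base.get(dev)
        if b is None:
            reasons.append("unknown device on IoT segment")
        else:
            new = s["dests"] - b.dests
            distinct = len({h for h, _ in s["dests"]})
            if new and distinct > fanout_factor * max(b.max_distinct_ext, 1):
                reasons.append(f"fan-out to {distinct} external hosts, {len(new)} never seen in baseline")
            if s["orig_bytes"] > bytes_factor * max(b.max_orig_bytes, 1):
                reasons.append(f"uploaded {s['orig_bytes']} bytes, baseline max {b.max_orig_bytes}")
        if reasons:
            alerts.append((dev, w, reasons))
    return alerts

def _tsv(rows):
    header = "#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\torig_bytes\tresp_bytes"
    return header + "\n" + "\n".join("\t".join(str(x) for x in r) for r in rows)

# Constructed quiet day: a TV box talking to two vendor hosts and a thermostat to one broker, hourly.
BASELINE_LOG = _tsv(
    [(t, "10.50.0.20", 40000 + i, h, p, "tcp", 1200, 9000)
     for i, t in enumerate(range(0, 24 * 3600, 3600))
     for h, p in (("203.0.113.10", 443), ("203.0.113.11", 443))]
    + [(t, "10.50.0.21", 51000, "198.51.100.5", 8883, "tcp", 300, 300) for t in range(0, 24 * 3600, 3600)]
)

# Constructed later hour: the TV box now fans out to a dozen unrelated hosts with heavy uploads,
# the thermostat is unchanged, and a device nobody enrolled appears on the segment.
LIVE_LOG = _tsv(
    [(30 * 3600, "10.50.0.20", 40100, "203.0.113.10", 443, "tcp", 1200, 9000),
     (30 * 3600 + 5, "10.50.0.21", 51000, "198.51.100.5", 8883, "tcp", 300, 300),
     (30 * 3600 + 9, "10.50.0.99", 33000, "192.0.2.50", 443, "tcp", 800, 800)]
    + [(30 * 3600 + 10 + i, "10.50.0.20", 40200 + i, f"192.0.2.{i}", 443 if i % 2 else 80, "tcp", 50000, 50000)
       for i in range(1, 13)]
)

def run_example():
    base = build_baseline(parse_conn_log(BASELINE_LOG))
    return detect(parse_conn_log(LIVE_LOG), base)

if __name__ == "__main__":
    for dev, w, reasons in run_example():
        print(dev, f"hour {w}:", "; ".join(reasons))
```

Two caveats a practitioner would attach. The baseline is only worth anything if it was recorded while the device was still clean; a box that shipped compromised teaches the detector that fan-out is normal. And the thresholds here are deliberately crude; on a real IoT VLAN the factors need tuning per device class, since a camera streaming to a cloud recorder legitimately uploads orders of magnitude more than a thermostat, which is exactly why the comparison is against each device's own history rather than a segment-wide number.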
Saw them working on their elevator pitch last week.
There's no such thing as an ethically sourced residential proxy.
The internet in a growing number of countries is censored, but different content categories are censored in each jurisdiction. Many sites and services also block known VPNs (i.e. non-residential IPs), so that doesn't work as a bypass in all cases.
I have trusted friends in other countries, so by mutual agreement we could set up wireguard links for each other to use (subject to agreed terms). It just needs some way to intelligently route traffic depending on which jurisdictions will allow which requests (i.e. "which is the lowest-latency link that will allow this request").
That thing already exists and is called Tor Snowflake.
There is, just like you giving your attention and cpu to watch free ad supported content on the internet. It's the same in apps that give users access for free in return for bandwidth, or free VPNs that allow you to share bandwidth. There's also ISP "residential" proxies where ISPs re-sell some of their address space to proxy providers.
In practice, the vast majority of residential proxy usage would be for other (non-ethical) purposes.
Even these soft reasons to use VPNs and residential proxies are like an alibi for bad actors: is IP 25.14.xx.xx creating a fake account on Twitter to spread malware, or is he downloading a show that wasn't available before? I guess we'll never know; such are the limits of privacy, I guess.
That is, mostly unknowingly, perhaps suspecting what's going on, but politely trying to ignore it for their own convenience.
I think it is a valid reason to use residential proxies as an individual (because I think that these region locks and other restrictions are BS), but if a company does that to bypass crawling restrictions, it is wrong.
You have to be joking. Having seen a list of biggest Luminati contracts, legitimate use makes up probably well over 90% of traffic via these services.
It’s companies like Expedia and OpenAI, not Nigerian princes.
Yeah sure, fraud happens. Those customers aren’t even lucrative because posting scam ads on Craigslist or wherever does not use much bandwidth. Criminals also use Google search.
Besides the small matter of the victim in the arrangement, the entire reason OpenAI does it is ban evasion, which is not legitimate.
I have a hunch they're trading free TV for becoming a residential proxy unknowingly. Would love to capture network traffic from one and see what's really going on.
The fact that people are willing to buy these super sketchy devices and plug them into their networks without a second thought is kinda scary.
It probably just pulls from something like https://github.com/iptv-org/iptv, and so the provider of Super Box doesn't have to maintain pretty much anything or use any of their own bandwidth. So the $300 minus the cost of the hardware is the profit, and they don't have real recurring costs.
Alternatively, I wouldn't be surprised if some of the apps installed on these devices have their own embedded malware - the operators of the pirate TV networks are looking to get paid, too.
https://troypoint.com/best-downloader-codes/
They come preloaded with a pirate IPTV service that only works for 1-2 months, then they ask you to pay something like $70/year to keep watching. There are tons of providers for these IPTV services, so bundling them with the boxes is a way to make it easy to access while gaining subscriptions. You can just buy a cheap Android TV box yourself, install the APK and get a cheaper IPTV provider.
Most of these boxes/providers don't last more than a couple of years, as authorities tend to go after them when they get too big. My dad uses them to watch Portuguese TV (it would be impossible to watch certain channels outside the country otherwise), and in the past 10 years he changed provider 3-4 times.
And that's why I will never buy any IoT devices that require an internet connection to work. Only IoT devices in my house are those that connect to my own server and never see the light of the internet.
To motivate lazy network operators, this protocol should be linked with financial conditions: an operator who doesn't honor the request, gets significantly reduced payment for this month's traffic.
I see weak people whining about attacks for like 10 years, and nobody changes anything. It's easier to blame evil hackers than fix their own broken poorly designed systems.
To give a specific example, imagine a business which has 95% of its customers in developed country A but receives 99% of its web requests from developing countries (DDoS attacks mainly come from there). It makes financial sense to cut off those countries first and after that figure out what happened.
Most websites and networks would suffer more from blocking residential ISP traffic than they do from misuse of residential ISP traffic, though...
BGP doesn't allow stopping attacks this way, as I understand.
The fact that they don't allow you to use their service to scrape their own domain, tells you something about their ethics...