A new residential proxy market is becoming popular among hackers, cybercriminals, phishers, scalpers, and scammers, selling access to a million claimed proxy IP addresses worldwide.
The new platform was spotted by DomainTools analysts who have been watching the emergence of these services, reporting that ‘ BlackProxies’ is one of the most quickly growing newcomers in the space.
A new entity that claims such a big pool of available proxies is an important development considering that law enforcement has shut down several large proxy providers like RESNET and INSORG in the past couple of years.
What are residential proxies?
Proxies are online servers that accept and forward requests for other devices on the Internet, making it appear that a connection originates from their IP address while hiding the actual initiator behind them.
Residential proxies use home users’ IP addresses rather than a data center’s address space, making them ideal for running shopping bots or for threat actors who want to blend into regular website traffic.
Sometimes, residential users willingly become proxies in exchange for money; however, in many cases, they become proxies involuntarily through malware infections on their computers, IoTs, and modems.
Cybercriminals use these residential proxies to improve their illegal operations’ efficiency while hiding themselves from law enforcement and blockers.
For example, in August 2022, the FBI warned about the rising trend of cybercriminals using residential proxies to conduct large-scale credential-stuffing attacks without being tracked, flagged, or blocked.
‘BlackProxies’ scale and operation
The BlackProxies service claims to have access to a pool of 1,000,000 IP addresses from around the world, all coming from real residential users, ensuring unblocked status, low detection rates, and good speeds.
Also, the service offers an auto-rotation system that refreshes IP addresses automatically, ensuring that each request is made from a new address.
Clients are also given an easy-to-use control panel with live usage stats and a REST API for versatility and even reselling potential.
The cost for using the service is $14/day, $39/week, or $89 per month, while a try-out package costs $4.9.
DomainTools examined the platform and found its IP address pool claims are false, as the service counts just over 180,000 available IP addresses.
However, this is still significant, surpassing even platforms that use unreliable methods like botnets to build their IP pools.
DomainTools investigated further and discovered that an IP address used in the service’s infrastructure had previously been linked to other shady services.
While the BlackProxies service prohibits malicious and illegal activities, the service has quickly grown to become popular among threat actors.
Using KELA’s DarkBeast threat intelligence platform, BleepingComputer has found numerous posts on hacking forums where the BlackProxies service is being promoted in topics about credential stuffing and account hijacking.
When the DomainTools researchers confronted the operator of the BlackProxies service about the alleged criminal activities, the operator didn’t show interest in discussing details.
BleepingComputer has contacted the BlackProxies operator on the listed contact method, a Telegram channel, to learn how exactly access to these residential IPs is achieved, but we have yet to hear back.
At the time of writing, BlackProxies remains online.