Security researchers have discovered a new malware proxy service called “Faceless” that is being used by cybercriminals to evade detection and conduct malicious activities.
The service has been operating since at least 2022 and is believed to have infected thousands of devices across the world.
According to a report by KrebsOnSecurity, the Faceless service allows cybercriminals to rent access to a network of infected devices, which can be used to relay malicious traffic and evade detection.
The service also provides a user-friendly interface that allows cybercriminals to easily manage their operations and monitor their activities.
Faceless, the malware proxy service
In 2014, iSocks, a well-known anonymity service, was introduced as a proxy solution for redirecting illicit web traffic through infected computers.
Over time, this service evolved into the malicious Faceless proxy service, according to the KrebsOnSecurity report.
“Faceless is a project from MrMurza, a particularly talkative member of more than a dozen Russian-language cybercrime forums over the past decade,” said the report.
“Faceless has emerged as one of the underground’s most reliable malware-based proxy services, mainly because its proxy network has traditionally included a great many compromised Internet of Things devices — such as media sharing servers — that are seldom included on malware or spam block lists,” KerbsOnSecurity wrote, citing Spur.us co-founder Riley Kilmer.
Spur.us tracks VPN and proxy networks across the world, helping their customers spot traffic coming through these anonymity services.
The report notes that the Faceless service is primarily used for distributing malware, phishing attacks, and conducting distributed denial-of-service (DDoS) attacks.
The service is also being used to conduct “credential stuffing” attacks, where cybercriminals use stolen login credentials to gain unauthorized access to user accounts.
Malware proxy service: Tough to trace
Security researchers have been tracking the Faceless service for several months and have identified a number of unique features that make it difficult to detect and trace.
For example, the service uses a rotating pool of IP addresses to evade IP-based detection methods, and it also employs encryption and obfuscation techniques to hide its traffic.
The researchers note that the Faceless service is being marketed on underground forums and is attracting a large number of customers. The service is being offered for as little as $50 per month, making it accessible to even low-level cybercriminals.
Faceless service is a significant threat to organizations and individuals, as it allows cybercriminals to conduct malicious activities with a high degree of anonymity and evade traditional security measures.