Anonfiles, a popular service for sharing files anonymously, has shut down after saying it can no longer deal with the overwhelming abuse by its users.
Anonfiles is an anonymous file-sharing site that allows people to share files anonymously without their activity being logged.
However, it soon became one of the most popular file-sharing services used by threat actors to share samples of stolen data, stolen credentials, and copyrighted material.
Five days ago, Anonfiles users began reporting that the service would time out when attempting to upload files.
As spotted by cybersecurity researcher g0njxa, the Anonfiles operators have now shut down the service, stating that their proxy provider recently shut them down and that they can no longer deal with the overwhelming amount of abusive material uploaded to the site.
The statement shown on Anonfiles site is reproduced in its entirety below:
“After trying endlessly for two years to run a file sharing site with user anonymity we have been tired of handling the extreme volumes of people abusing it and the headaches it has created for us.
Maybe it is hard to understand but after tens of million uploads and many petabytes later all work of handling abuse was automated through all available channels to be fast as possible.
We have auto banned contents of hundreds of thousands files.
Banned file names and also banned specific usage patterns connected to abusive material to the point where we did not care if we accidental delete thousands of false positive in this process.
Even after all this the high volume of abuse will not stop.
This is not the kind of work we imagine when acquiring it and recently our proxy provider shut us down.
This can not continue.
Domain 4sale.
domain@anonfiles.com”
While Anonfiles was a useful file-sharing site for many, other users reported [1, 2, 3] that the site used shady advertisers that commonly redirected malware, tech support scams, and unwanted Google Chrome and Firefox browser extensions.
For example, when attempting to download a file from Anonfiles, users said you would often be first redirected to a site that downloaded an ISO file using the same name as the file you thought you were downloading.
However, these ISO files contained various malware, including information-stealing malware, remote access trojans, and ad clickers.
In 2021, CronUp researcher Germán Fernández warned that Anonfiles malvertising was pushing the RedLine Stealer malware, a notorious information-stealing malware that steals your credentials and cryptocurrency wallets.
Other malvertising campaigns seen by Fernández and Malwarebytes on Anonfiles pushed search hijacking extensions, Amadey botnet, Vidar stealer, and even STOP ransomware.
The Anonfiles operators are now looking for someone to purchase their domain, likely to launch their own file sharing service.
However, in the interim, the shutdown will cause many files used by cybersecurity researchers and threat actors alike to no longer be available.