
kevincloudsec, yesterday at 7:22 PM (2 replies)

The buried lede here is the business model. This isn't ransomware or data theft. The malware turns your PC into a residential proxy node and sells your IP address to third parties for fraud, scraping, and ad abuse. That's why it's designed to be invisible and why it persisted for so long. Traditional malware wants to disrupt or extract. Proxyware wants to coexist quietly.

Your machine runs a little slower, your bandwidth gets a little thinner, and someone halfway around the world is routing traffic through your home IP. It's a fundamentally different threat model and most endpoint protection isn't looking for it because the behavioral signatures look like normal network activity.


Replies

ValentineC, yesterday at 9:25 PM

> It's a fundamentally different threat model and most endpoint protection isn't looking for it because the behavioral signatures look like normal network activity.

Is it even possible for a prosumer home router like OPNsense or OpenWRT to detect this?

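The router-side detection question above, as an added example from neither commenter: a Python heuristic over flow summaries of the kind a router's connection tracker can export (the record layout, thresholds and sample flows are constructed assumptions, not real captures) that flags a LAN host showing the two traits the top comment describes, fan-out to many unrelated destinations plus upload-heavy traffic, which ordinary home browsing rarely shows together.

```python
"""Flag LAN hosts whose flow summaries look like residential-proxy relaying.

Input: flow records such as a router's connection tracker can export
(constructed sample below, not real captures):
    (src_ip, dst_ip, dst_port, bytes_out, bytes_in)
"""
from collections import defaultdict
from ipaddress import ip_address

# Thresholds are assumptions; tune them for the network being watched.
FANOUT_MIN = 40         # distinct external /24s per window before we care
UPLOAD_RATIO_MIN = 0.6  # bytes_out / (bytes_out + bytes_in)

def summarize(flows):
    """Per source host: distinct external /24s plus bytes out and in."""
    stats = defaultdict(lambda: {"nets": set(), "out": 0, "in": 0})
    for src, dst, _port, b_out, b_in in flows:
        if not ip_address(dst).is_global:
            continue  # LAN-internal traffic is not relayed proxy traffic
        s = stats[src]
        s["nets"].add(".".join(dst.split(".")[:3]))
        s["out"] += b_out
        s["in"] += b_in
    return stats

def suspicious_hosts(flows, fanout_min=FANOUT_MIN, ratio_min=UPLOAD_RATIO_MIN):
    """Hosts that both fan out widely and upload more than they download."""
    flagged = {}
    for src, s in summarize(flows).items():
        total = s["out"] + s["in"]
        ratio = s["out"] / total if total else 0.0
        if len(s["nets"]) >= fanout_min and ratio >= ratio_min:
            flagged[src] = {"fanout": len(s["nets"]), "upload_ratio": round(ratio, 2)}
    return flagged

def sample_flows():
    """Constructed flows: an ordinary laptop and one relaying host."""
    flows = []
    for i in range(8):   # .10 browses a few sites, download-heavy
        flows.append(("192.168.1.10", f"93.184.{i}.34", 443, 20_000, 400_000))
    for i in range(60):  # .23 reaches 60 unrelated /24s and pushes data out
        flows.append(("192.168.1.23", f"203.0.{i}.7", 443, 150_000, 60_000))
    flows.append(("192.168.1.23", "192.168.1.1", 53, 500, 2_000))  # LAN DNS
    return flows

if __name__ == "__main__":
    for host, info in suspicious_hosts(sample_flows()).items():
        print(host, info)  # 192.168.1.23 {'fanout': 60, 'upload_ratio': 0.71}
```

A single window is only a hint; repeating the check over several windows and comparing against the host's own baseline cuts false positives from legitimate bursts such as backups or video calls.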
MuffinFlavored, yesterday at 7:34 PM

> Your machine runs a little slower, your bandwidth gets a little thinner, and someone halfway around the world is routing traffic through your home IP.

I wish in 2026 the default on new computers (Windows + Mac) was not only "inbound firewall on by default" but also outbound and users having to manually select what is allowed.

I know it is possible, it's just not the default and more of a "power user" thing at the moment. You have to know about it basically.
