BlackProxies Service Gains Traction Among Cybercriminals
Cybersecurity researchers from DomainTools have discovered a new residential proxy marketplace called BlackProxies, which, according to its advertising, offers access to one million proxy addresses worldwide. Experts warn that BlackProxies is rapidly gaining popularity among hackers, phishers, resellers, and scammers, even though the service claims to prohibit malicious and illegal activities.
List of Allegedly Prohibited Activities
According to specialists, the emergence of such a large platform is a significant event, especially considering that law enforcement agencies have shut down several similar services in recent years, including RESNET and INSORG. The report notes that residential proxies typically use the IP addresses of regular users rather than datacenter address space, making them ideal for running trading bots and for cybercriminals who want to “blend in” with normal traffic. Sometimes users become proxy servers voluntarily (for a fee), but more often this happens because their computers, IoT devices, or routers are infected with malware.
Cybercriminals generally use residential proxies to increase the effectiveness of their attacks, hiding from law enforcement and blockers.
Features and Pricing of BlackProxies
The operators of BlackProxies claim to have access to a pool of 1,000,000 IP addresses from around the world, all sourced from real users, which ensures the required unblocking, low detection rates, and good speeds. The service also offers an automatic rotation system that updates IP addresses automatically, guaranteeing that each request is made from a new address.
Clients are provided with a dashboard featuring real-time usage statistics and a REST API for flexibility and, likely, the possibility of reselling the service.
BlackProxies’ services are priced at $14 per day, $39 per week, or $89 per month (with a trial package available for $4.90).
Analysis and Findings
DomainTools analysts studied the platform and found that the claims of a massive IP address pool are false. In reality, the service has about 180,000 available IP addresses. Researchers note that this is still a significant number and far exceeds the capabilities of many other platforms and botnets.
The report also mentions that one of the service’s infrastructure IP addresses was previously linked to other underground platforms.
According to Bleeping Computer, BlackProxies is currently being actively promoted on hacker forums, especially in threads dedicated to credential stuffing attacks and account takeovers.