Anonfiles File Sharing Service Shuts Down Due to Ongoing Abuse

The popular anonymous file sharing service Anonfiles has shut down. Its administrators stated that they could no longer cope with the overwhelming amount of abuse from users.

Anonfiles quickly became one of the most popular file sharing platforms among criminals, who used it to exchange stolen data samples, logins and passwords, as well as copyrighted materials.

Many users also reported (1, 2, 3) that the site used questionable advertisers who often redirected people to pages containing malware, unwanted browser extensions for Google Chrome and Firefox, and fake tech support scams.

For example, when trying to download a file from Anonfiles, users were first redirected to a site that would download an ISO file with the same name. Such ISO files could contain various types of malware, including info-stealers, remote access trojans, and ad clickers.

Back in 2021, researcher CronUp warned that malicious ads on Anonfiles were spreading the well-known RedLine info-stealer. The site was also linked to campaigns distributing the Amadey botnet, Vidar stealer, and STOP ransomware.

Service Closure and Official Statement

According to Bleeping Computer, users began noticing a few days ago that Anonfiles was returning errors when trying to upload files. Security researcher g0njxa soon discovered that the Anonfiles operators had shut down the service, stating that their proxy provider had recently disconnected them and they could no longer handle the massive volume of abuse.

Below is the full statement from the Anonfiles administration:

“After two years of endless attempts to run an anonymous file sharing site, we are tired of the massive amount of abuse and the headaches it has caused us.

This may be hard to understand, but after tens of millions of uploads and many petabytes of data, all the work to fight abuse was automated through every available channel to be as fast as possible.

We automatically banned the content of hundreds of thousands of files. We banned file names and specific usage patterns associated with abuse. It got to the point where we didn’t care if, in the process, we accidentally triggered thousands of false positives and deletions.

But even after all this, the huge amount of abuse did not decrease.

This is not the job we imagined when we started this. And recently, our proxy provider disconnected us.

This can’t go on any longer.

The domain is for sale.”