Netlab researchers are warning that the Free-Socks.in proxy service is a front for a criminal operation, as the service runs on top of a massive botnet consisting of 2,692 WordPress sites, nearly half of which are hosted in the US.
The compromised websites have been infected with the Linux.Ngioweb backdoor that is controlled by threat actors via two command and control (C&C) servers. The sites are now used as proxy servers that receive and forward traffic of people using the Free-Socks.in service.
Read more: Free proxy service found running on top of 2,600+ hacked WordPress sites