AT&T Alien Labs researchers discovered a network of over 400,000 systems where threat actors have leveraged access to malware-infected systems to deploy proxy applications. Researchers are unsure how many of the devices are infected, but the proxy service claims all devices are owned by users who understand the proxy’s functionality.

The company also identified 10,000 macOS systems acting as proxy exit nodes. Threat actors likely infected the systems with AdLoad adware and then ran a pay-per-install campaign to monetize access to infected systems by deploying proxy applications on them. A new report on Wednesday discovered a 400,000-strong proxy botnet created via a similar campaign targeting Windows computers. Researchers observed the various proxies collect details on the systems it operates on and communicate with the command-and-control server to receive instructions. Alien Labs noted the proxy network serves as a channel system for illegal or unauthorized financial gains.

Read More: