Scammers pounce on internet-for-rent services, generating cryptocurrency in quiet

Email fraud and ransomware attackers apparently are not enough.
salon cryptomining

As if ransomware and email fraud didn’t already create enough revenue for cybercriminals, scammers now are auctioning access to their victims’ internet connections in an effort to find more profits.

Hackers are seizing on a category of legitimate digital services that allow internet users to rent out access to their web connection in exchange for a small payment.

While the stated goal of each of these services varies — one, Honeygain, markets itself as a tool for “effortlessly” earning a “passive income” — they typically promise to enable broadband customers to collect a fee every time an outsider connects to their hotspot. The promise of using an emerging technology to earn a quick buck has been enough to generate consistent engagement on forum sites like Reddit. Hackers are watching, too, of course.

Fraudsters are “taking multiple avenues to monetize these new platforms” for their own gain, Cisco’s Talos threat intelligence unit said in a bulletin Tuesday.


One fraud technique involves silently installing a so-called proxyware service on an individual’s computer to hijack their bandwidth without alerting the victim, a ruse that helps leverage individual machine to generate cryptocurrency. In another effort, hackers are relying on malicious software that enables the theft of personal data, Talos researchers said.

The scam is also difficult to detect, as one scheme leverages a legitimate Honeygain software package to infect victims.

“This is a recent trend, but the potential to grow is enormous,” researchers noted, adding later that identifying the true attacker is likely to become more complicated. “These networks may also allow threat actors to obfuscate the source of their attacks making them appear as if they are originating from legitimate corporate networks.”

The proxyware scam represents a logical evolution of cryptojacking, in which hackers access a business or personal device and steal computing resources to mine for virtual currencies. Thieves seized on flaws in Microsoft technology to generate Monero, Sophos said in April. Scammers have used other trustworthy software, like Coinhive, for similar efforts dating back years.

Talos investigators stopped short of identifying any possible suspects or specific victims.

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts