The malware at the heart of the operation — known as AVrecon — had been publicly identified by cybersecurity firm Black Lotus Labs as far back as July 2023. The network kept running anyway.
On the American side, the FBI’s Sacramento Field Office, the IRS Criminal Investigation Oakland Field Office, and the Department of Defense’s Defense Criminal Investigative Service all had a hand in it.
SocksEscort did not just attract individual bad actors. It ran like a business. Customers paid to access the service, and they did so anonymously — using cryptocurrency to avoid leaving a financial trail.
Based on reports from Europol, the platform pulled in at least 5 million euros, roughly $5.7 million, from its paying users over the course of its run.
Europol Executive Director Catherine De Bolle said proxy services of this kind give criminals the cover to carry out attacks, move illegal content, and dodge detection. She credited the international cooperation for exposing the infrastructure behind it.
Fraud Stretched From Bank Accounts To Crypto WalletsThe crimes enabled by SocksEscort went beyond any single method. Officials linked the network to bank fraud and cryptocurrency account takeovers dating back to 2020.
The New York victim’s case stood out for its scale, but reports indicate the damage was spread across multiple countries and target types.
Featured image from Pexels, chart from TradingView
