Malware
GhostSocks
GhostSocks, a Golang-based proxy malware, was first advertised as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums in October 2023.
GhostSocks is a Windows malware family.
Background
GhostSocks is a Golang-based proxy malware that first appeared for sale as a Malware-as-a-Service (MaaS) offering on Russian-speaking underground forums in October 2023. Renting for US $100 per month, it relies on back-connect SOCKS5 connections. In February 2024, the operator of Lumma Stealer shipped an update adding proxying functionality built in collaboration with GhostSocks, which turns infected hosts into SOCKS5 proxies and is offered to subscribers on the "Professional" tier or above. The integration lets Lumma Stealer customers assemble a pool of residential IP addresses for purposes such as credential checking, spam distribution, or general-purpose proxying.
Source: Malpedia (Fraunhofer FKIE).