CyberSecurityBoard
Sponsor Register Login

Hackers Actively Attacking Linux SSH Servers to Deploy TinyProxy or Sing-box Proxy Tools

The Sing-box variant utilizes GitHub-hosted installation scripts, deploying a multipurpose proxy supporting vmess-argo, vless-reality, Hysteria2, and TUICv5 protocols, originally designed for bypassing geographic content restrictions but repurposed for criminal proxy networks. The attacks demonstrate tactical precision, with no extraneous malware deployment beyond the core proxy infrastructure, suggesting organized operations focused on building scalable proxy networks. Unlike conventional attacks focused on cryptocurrency mining or distributed denial-of-service operations, these intrusions specifically aim to transform compromised systems into proxy nodes within criminal networks. Cybercriminals have intensified their assault on poorly managed Linux SSH servers, deploying sophisticated proxy tools to establish covert network infrastructure. The sophisticated nature of these attacks indicates coordinated efforts by threat actors seeking to monetize compromised infrastructure through proxy-as-a-service offerings or to facilitate anonymization for subsequent criminal activities. ASEC researchers identified two primary attack patterns involving the installation of TinyProxy and Sing-box proxy tools. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. These attacks represent a shift from traditional malware deployment toward the strategic installation of legitimate networking tools for malicious purposes. The campaign targets Linux servers with weak SSH credentials, exploiting inadequate security configurations to gain unauthorized access. The malware removes existing Allow and Deny rules from /etc/tinyproxy/tinyproxy.conf, replacing them with Allow 0.0.0.0/0, effectively permitting unrestricted external access through port 8888. Tushar is a Cyber security content editor with a passion for creating captivating and informative content.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 02 Jul 2025 17:45:18 +0000


Cyber News related to Hackers Actively Attacking Linux SSH Servers to Deploy TinyProxy or Sing-box Proxy Tools

Hackers Actively Attacking Linux SSH Servers to Deploy TinyProxy or Sing-box Proxy Tools - The Sing-box variant utilizes GitHub-hosted installation scripts, deploying a multipurpose proxy supporting vmess-argo, vless-reality, Hysteria2, and TUICv5 protocols, originally designed for bypassing geographic content restrictions but repurposed ...
3 months ago Cybersecuritynews.com
CVE-2023-53649 - In the Linux kernel, the following vulnerability has been resolved: ...
3 days ago
New SSH-Snake Malware Abuses SSH Credentials - Threat actors abuse SSH credentials to gain unauthorized access to systems and networks. SSH credential abuse provides a stealthy entry point for threat actors to compromise and control the targeted systems. On January 4th, 2024, the Sysdig Threat ...
1 year ago Cybersecuritynews.com
Hackers Attacking Linux SSH Servers to Deploy Scanner Malware - Hackers often target Linux SSH servers due to their widespread use in hosting critical services, and the following loopholes make them vulnerable, providing opportunities to hackers for unauthorized access and potential exploitation:-. Cybersecurity ...
1 year ago Gbhackers.com
CVE-2024-36886 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
CVE-2017-11747 - main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for ...
5 years ago
VB.NET Proxy and VPN Check with IP2Location.io - Virtual Private Network servers are proxy servers that people use daily when browsing the Internet. As most of us are aware, websites track their visitors for advertising and marketing purposes. That's the same reason that people use residential ...
1 year ago Feeds.dzone.com
8 Tips on Leveraging AI Tools Without Compromising Security - Forecasts like the Nielsen Norman Group estimating that AI tools may improve an employee's productivity by 66% have companies everywhere wanting to leverage these tools immediately. How can companies employ these powerful AI/ML tools without ...
1 year ago Darkreading.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
1 year ago Cisa.gov
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov
CVE-2023-43644 - Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass ...
2 years ago
Windows KDC Proxy RCE Vulnerability Let Attackers Control The Server Remotely - Security researchers have uncovered a significant remote code execution vulnerability in Microsoft’s Windows Key Distribution Center (KDC) Proxy that could potentially allow attackers to gain complete control over affected servers. The ...
7 months ago Cybersecuritynews.com CVE-2024-43639
Over 11M SSH Servers are Vulnerable to new Terrapin Attack - Previously, in December 2023, it was reported that SSH servers were vulnerable to the new Terrapin Attack in which threat actors can downgrade an SSH protocol version, making it vulnerable to exploitation. This attack can also be used to redirect ...
1 year ago Cybersecuritynews.com
Careless oversight of Linux SSH servers draws cryptominers, DDoS bots - Cybercriminals are targeting poorly managed Linux SSH servers to install malware for cryptomining or carrying out distributed denial-of-service attacks, researchers have found. According to a report by AhnLab released this week, bad password ...
1 year ago Therecord.media
In a first, cryptographic keys protecting SSH connections stolen in new attack - For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the ...
1 year ago Arstechnica.com
Amazon Still Selling T95 TV Box with Pre-Installed Malware - A few weeks back, Hackread.com reported about a malware-infected Android TV box available on Amazon: the T95 TV box. The box contained pre-installed malware, which was discovered by a Canadian developer and security systems consultant, Daniel ...
2 years ago Hackread.com
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke
Attackers Targeting Poorly Managed Linux SSH Servers - In recent times, Linux SSH servers have become a prime target for attackers aiming to compromise security and exploit vulnerabilities for malicious activities. This article delves into the growing concern surrounding poorly secured Linux SSH servers, ...
1 year ago Securityboulevard.com
CVE-2024-37891 - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* ...
1 year ago
CVE-2024-52308 - The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to ...
10 months ago Tenable.com
Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
6 months ago Cybersecuritynews.com
The Dangers of Remote Management & Monitoring Tools for Cybersecurity - Remote monitoring and management (RMM) tools are used by business organizations to manage and monitor their enterprise IT infrastructure from a central location. However, the increasing sophistication of hackers and cybercriminals has caused both ...
2 years ago Csoonline.com
Socks5Systemz proxy service infects 10,000 systems worldwide - A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000 infected devices. The malware infects computers and turns them into traffic-forwarding ...
1 year ago Bleepingcomputer.com
Hack The Box Launches 5th Annual University CTF Competition - PRESS RELEASE. Hack The Box, the leading gamified cybersecurity upskilling, certification, and talent assessment platform, is announcing its fifth annual global University Capture The Flag competition that will take place from December 8 to 10, 2023. ...
1 year ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)