The Aisuru botnet, once known for massive distributed denial-of-service attacks, has shifted toward monetizing its infrastructure by selling access to infected IoT devices as residential proxies. These compromised routers, cameras, and DVRs are now used to disguise malicious activity behind legitimate home IP addresses. Instead of generating high-volume traffic floods, the operators earn revenue by leasing proxy bandwidth to clients conducting web scraping, advertising fraud, credential stuffing, and data collection operations that benefit from appearing to originate from real users.

This evolution reflects a broader trend in cybercrime toward “as-a-service” business models that repurpose existing botnets for stealth and profit. The change also complicates detection and mitigation efforts, as traffic routed through home networks is harder to blacklist without disrupting legitimate users. The persistence of vulnerable IoT devices ensures a steady supply of new nodes, while defenders must contend not only with attack prevention but also with the misuse of their own networks as part of global proxy infrastructures.

‍

Source: https://krebsonsecurity.com/2025/10/aisuru-botnet-shifts-from-ddos-to-residential-proxies/