Aisuru, the botnet behind record-breaking DDoS attacks this year, has shifted its focus from flooding networks to renting out infected IoT devices as residential proxies. This move turns a destructive campaign into a profitable business model, allowing cybercriminals to anonymize their traffic and evade detection.
From Massive Attacks to Silent Rentals
The Aisuru botnet first appeared in August 2024 and has since compromised at least 700,000 IoT systems, including routers, digital video recorders, and security cameras. At its peak, Aisuru was capable of generating attacks exceeding 30 terabits per second. In June, it launched a 6.3-terabit-per-second assault against KrebsOnSecurity, one of the largest attacks Google's mitigation network had ever recorded.
Such attacks did more than target single websites; they caused collateral damage across entire Internet service providers. When Aisuru's nodes were used for outbound DDoS traffic, the resulting data floods sometimes exceeded a terabit per second per provider, overloading routers and affecting legitimate customers. Federal authorities and major ISPs in both the United States and Europe have since begun cooperating to identify and block the botnet's infrastructure.
The Rise of the Residential Proxy Economy
Recent updates to Aisuru's malware made its infected devices part of the residential proxy market. Proxy services lease access to these devices, letting customers mask their online traffic as if it came from legitimate household connections. While proxies have valid business uses such as price monitoring or web analytics, they are often abused to disguise cybercrime operations, including ad fraud, credential stuffing, and large-scale scraping.
This market has grown explosively. Data collected from monitoring services indicates that hundreds of millions of residential IPs are now available for rent. Much of this surge is likely tied to botnets like Aisuru, which provide a steady influx of compromised devices. The abundance of residential proxies has become a valuable resource for data harvesting operations supporting artificial intelligence projects, particularly those training large language models on scraped content.
Exploiting SDKs for Bandwidth and Profit
Many proxy networks expand their reach through software development kits bundled into mobile or desktop apps. These SDKs often claim user consent but can quietly convert a device into a traffic relay. Infected devices under Aisuru's control may be forced to install such SDKs automatically, allowing the botmasters to profit each time bandwidth from those devices is used.
Experts say this shift in focus has significant implications for the industry. "The abundance of residential proxies has become a valuable resource for data harvesting operations supporting artificial intelligence projects," said Riley Kilmer, co-founder of spur.us, a service that tracks proxy networks. "This market has grown explosively, and much of this surge is likely tied to botnets like Aisuru."
Key Facts
- Aisuru, the botnet behind record-breaking DDoS attacks, has shifted its focus from flooding networks to renting out infected IoT devices as residential proxies.
- The botnet has compromised at least 700,000 IoT systems, including routers, digital video recorders, and security cameras.
- Recent updates to Aisuru's malware made its infected devices part of the residential proxy market.
- Hundreds of millions of residential IPs are now available for rent, with much of this surge likely tied to botnets like Aisuru.
- The abundance of residential proxies has become a valuable resource for data harvesting operations supporting artificial intelligence projects.
What Comes Next?
As the industry grapples with the implications of this shift, experts warn that the consequences will be far-reaching. "The rise of residential proxy services has significant implications for cybersecurity and data protection," said Benjamin Brundage, founder of Synthient, a startup that helps companies detect proxy networks.
The Aisuru botnet's pivot to residential proxies highlights the evolving nature of cybercrime and the need for industry-wide cooperation to address these threats. As the industry continues to navigate this new landscape, one thing is clear: the stakes have never been higher, and the consequences of inaction will be severe.