14 November 2023

IPStorm botnet infrastructure dismantled, operator pleads guilty


The US Department of Justice revealed that the FBI dismantled the IPStorm malware botnet infrastructure, along with the guilty plea of the service’s operator Sergei Makinin.

IPStorm (InterPlanetary Storm) is a malware botnet first spotted in 2019 that has targeted Windows, Linux, Mac, and Android devices worldwide, including in Asia, Europe, North America, and South America. The botnet used a legitimate peer-to-peer network, the InterPlanetary File System (hence its name), to obscure its malicious traffic. The malware was also found to allow attackers to execute arbitrary PowerShell commands on the victim’s machine.

According to court documents, Makinin, who is a Russian and Moldovan national, developed and deployed malware to compromise thousands of Internet-connected devices across the globe. The primary purpose of the botnet was to turn infected devices into proxies as part of a for-profit scheme.

Makinin made access to these proxies available via his websites, proxx.io and proxx.net, through which he sold illegitimate access to the hacked devices to customers who wanted to hide their internet activities. A single customer could pay hundreds of dollars a month to route traffic through thousands of infected computers. Makinin’s website advertised that he had over 23,000 “highly anonymous” proxies from all over the world. Makinin acknowledged that he gained at least $550,000 from the scheme.

Makinin pled guilty on September 18, 2023, to three counts of criminal charges related to illegal access and causing damage to protected computers. He faces a maximum sentence of 30 years in prison. As part of the plea agreement, Makinin will forfeit cryptocurrency wallets linked to the illicit activities.
