Posts

Showing posts from July, 2026

Microsoft Store Apps + Go Backconnect Proxyware Part 2

Hello World, I've observed some new stores and updated campaign behavior related to what I wrote about in Part 1. Some changes include the Store publisher names, DLL file names, and a move from koffi to ffi-rs for the loading of the Go-based proxyware binary. A detailed writeup on some of the new behaviors can be seen from HexaStrike, who has named this campaign StoreSocks. I kind of like the name. Anyway, I don't intend this to be a long post, just some quick updates and observations on the campaign.

New Publisher Names

TECHNOLOGIES FOR BUSINESS LLC
SOFTWARE MATTERS LLC

New DLL file names:

telemetry.dll
/lib[A-Z0-9]{3}\.dll/

New C2:

gate1.storetelemetryapiapps.xyz
telemetrystoreapi1.xyz
storetelemetryapi.xyz

Additional Reading on recent Proxyware News:

Nearly half of Smart TVs with Proxyware
FBI Seizes NetNut Proxy Platform, Popa Botnet
STORESOCKS – Microsoft Store Apps Deliver a Go Backconnect Proxy
Microsoft Store Apps May Deliver Go Backconnect Proxy Malware Part 1

Det...