RPX_Client: New PolarEdge Module Hijacks IoT Devices for Proxy Operations

Cyber Security News by CyberSum.net

Published on October 31, 2025 at 06:00 AM

2 sources

XLab has uncovered RPX_Client, a new module linked to the PolarEdge ORB network, which hijacks IoT devices for global proxy operations. The malware, distributed from specific IP addresses, onboards infected devices into the PolarEdge proxy pool and executes remote commands. Over 25,000 devices have been compromised, primarily network video recorders and routers. The malware maintains two persistent C2 channels and uses a multi-hop proxy architecture to conceal attacker IPs. XLab attributes this activity to PolarEdge with high confidence.

Also Read

TruffleNet: Cloud Credential Abuse for BEC Fraud

Fortinet’s FortiGuard Labs identified a widespread cloud abuse campaign, TruffleNet, exploiting stolen AWS credentials for large-scale Business Email Compromise (BEC) and email fraud. The campaign leverages over 800 unique hosts across 57 networks, showcasing advanced automation and operational discipline. Attackers use tools like TruffleHog and Portainer to validate credentials and orchestrate fraudulent activities, resulting in significant financial losses and data breaches.

By Cyber Security News by CyberSum.netNovember 4, 2025 at 12:00 AM