To date, AT&T Alien Labs researchers have identified over 400,000 systems that act as proxy exit nodes in this network. However, it is unclear how many of these were infected, and the company that offers the proxy service claims that all devices pertain to users who are aware of the proxy application’s functionality.

Last week, the company said it identified roughly 10,000 macOS systems behaving as proxy exit nodes, with some of them potentially repurposed after being infected with the AdLoad adware.

The researchers believe that AdLoad might be running a pay-per-install campaign, monetizing access to the infected macOS systems by deploying the legitimate proxy application on them.