This report details a stealthy campaign exploiting CVE-2024-36401, a critical RCE vulnerability (CVSS 9.8) in GeoServer, to gain access to victims' machines and monetize their internet bandwidth. Attackers deploy legitimate or modified SDKs to turn compromised systems into residential proxies, mimicking legal monetization practices used by app developers....