Qwins Ltd Linked to Malware Surge via Cheap Hosting

A UK-registered company, Qwins Ltd, has emerged as a major enabler of cybercrime, according to cybersecurity researchers who linked its infrastructure to global malware campaigns. Operating under ASN 213702, Qwins Ltd has provided bulletproof hosting services that support malware families like Lumma Stealer, Amadey, and Mirai variants.

Researchers observed its servers distributing over 120 malware payloads and coordinating attacks using 292 IP addresses between July 15 and 22, 2025. Threat actors used Qwins Ltd’s hosting environment to run phishing sites, manage botnets, and deliver malware across Windows and Linux systems.

The company’s infrastructure spans Russia, Germany, Finland, the Netherlands, and Estonia, with servers costing as little as $2 per month. Four specialized network segments underpin its operations, including a DDoS command center and a hub for info-stealing malware. Analysts say this segmented structure reflects a deliberate strategy to support persistent and evasive cyberattacks.

Read the full article at https://cybersecuritynews.com/bulletproof-hosting-provider-qwins-ltd/