A hidden proxy is a type of server system for filtering Internet connection traffic that is invisible for one reason or another. They can sometimes be hidden from the user, in the case they are running on a user's computer. Alternatively, this type of proxy can be set up on a remote server, with a website false-front, so it is undetectable by other web-filtering proxies or software. In general, the term can be misused or somewhat confusing due to its lack of affiliation with any specific proxying technique.
One way the hidden proxy term is used is in Internet phishing attempts, where misdirecting email messages attempt to gather additional information about a user. These spam email messages may be sent out to unsuspecting users that warn of a potential hidden proxy running on their computer. In many cases, these messages impersonate the user's Internet service provider (ISP) and claim that the user is sending large amounts of spam from her computer. The phony email message falsely accuses the user of generating spam and further threatens that her Internet connection will be deactivated. Within the message, the user is prompted to either download an attachment and install it onto her computer or follow a link to a website where additional information can be gathered.
This is where the concept of a hidden proxy comes into use with regards to malicious software that a user installs on his computer. If so duped by a phony email message, users download and install the attachment, thinking they are running software from their ISP to remove a hidden proxy. In fact, however, they are doing just the reverse and subsequently installing a hidden proxy on their computers. Once installed, a small server software program runs as a background process, invisible to the user, which then filters and captures the user's web browsing habits such as websites he visits and potentially any passwords and credit card information shared with those websites. The software then periodically sends the data it captures via the hidden proxy out to another server for nefarious uses.
Another somewhat clandestine use for the term comes from the desire for students or corporate workers to bypass a web-filtering proxy server on their school's or employer's network. In a technique sometimes referred to as proxy avoidance, the user loads a website that is running a proxy server of its own which then acts as a stepping off point to the website he would like to access, but otherwise wouldn't be permitted due to his network's proxy. Network administrators are known to keep their filtering systems up to date, thereby also blocking such proxy-avoidance websites, so websites providing such services can also hide their proxy under a false front. This technique essentially hides the proxy, not from a user, but from another proxy server or filtering software.