CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Malware & Threats

SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown

The malware is known for dropping ransomware and other payloads, and for abusing infected machines to proxy traffic. The post SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown appeared first on SecurityWeek.

Botnet

The SystemBC malware loader has survived a law enforcement takedown attempt and has ensnared over 10,000 machines in a botnet, cybersecurity firm Silent Push warns.

Also known as Coroxy and DroxiDat, SystemBC has been around since at least 2019 and is known for acting as a backdoor and for abusing infected machines for traffic proxying.

Historically, the malware has also been involved in the distribution of ransomware and other malicious payloads, and was targeted by authorities in May 2024 as part of Operation Endgame.

Despite the coordinated international law enforcement effort, the botnet’s activity did not cease, and its developer was seen posting updates on Russian-language underground forums, Silent Push notes.

Now, there are more than 10,000 IP addresses generating SystemBC-specific traffic, most of them in the US (4,300). Large numbers of victims were also identified in Germany (829), France (448), Singapore (419), and India (294), the cybersecurity firm says.

The malware mainly targets hosting providers, and Silent Push identified high-density IP addresses hosting official domains in Burkina Faso and Vietnam associated with SystemBC infections.

The malware is designed to turn infected machines into SOCKS5 proxies, allowing it to relay traffic, likely to hide malicious infrastructure and generate financial gain.

SystemBC uses a rotating architecture, where the clients connect to internet-exposed command-and-control (C&C) servers that proxy traffic through the infected hosts.

Analysis of the C&C communication associated with the botnet revealed the existence of a Perl-based SystemBC variant targeting Linux systems, which in turn showed that the malware’s developer is a Russian speaker.

While SystemBC is known for dropping malware on Windows systems, Silent Push’s investigation also revealed that many of the infected hosts have been involved in attacks targeting WordPress websites.

“SystemBC-associated infrastructure presents a sustained risk due to its role early in intrusion chains and its use across multiple threat actors. Proactive monitoring is critical, as activity tied to SystemBC is often a precursor to ransomware deployment and other follow-on abuse,” Silent Push notes.

Related: Google Disrupts IPIDEA Proxy Network

Related: Hugging Face Abused to Deploy Android RAT

Related: Jordanian Admits in US Court to Selling Access to 50 Enterprise Networks

Related: GoBruteforcer Botnet Targeting Crypto, Blockchain Projects

Latest News

CYBERNEWSMEDIAPublisher