The SystemBC botnet, a well-known malware loader and proxy, has survived a recent law enforcement operation and currently runs on more than 10,000 machines worldwide, researchers at Silent Push report. First identified in 2019, SystemBC is a backdoor that turns compromised devices into relays for proxying internet traffic.
SystemBC’s Continued Threat
Known by aliases such as Coroxy and DroxiDat, SystemBC has been used to deliver ransomware and other malware. Despite a targeted crackdown by authorities in May 2024, known as Operation Endgame, the botnet has kept operating. Silent Push reports that the malware's developer continues to post updates on underground forums.
SystemBC-related traffic is currently coming from more than 10,000 IP addresses, with the largest concentrations in the United States (4,300), Germany (829), France (448), Singapore (419), and India (294). Most of the infected hosts sit at hosting providers rather than on end-user machines, with cases identified at providers in Burkina Faso and Vietnam.
Technical Insights into SystemBC
SystemBC turns infected devices into SOCKS5 proxies, so that traffic from other malicious operations can be routed through them to hide its true origin, and so that the proxy capacity itself can be sold for profit. The architecture is dynamic: customers' clients connect to exposed command-and-control (C&C) servers, which relay their traffic through the infected systems.
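To make the SOCKS5 mechanics above concrete, here is an added Python example (not SystemBC code and not Silent Push's tooling) that parses the client side of a SOCKS5 session as defined in RFC 1928, that is the method-selection greeting, an optional RFC 1929 username/password sub-negotiation, and the CONNECT/BIND/UDP request, from reassembled client-to-server bytes, and flags any server that answers such requests without being on an allow-list of sanctioned proxies. The flows, IP addresses, credentials and allow-list are all constructed for the example; the check applies to whichever host is answering the handshake, whether that is a C&C server or an infected relay, since that is the host a defender wants to find.

```python
"""Parse the client side of a SOCKS5 session (RFC 1928, plus the RFC 1929
username/password sub-negotiation) and flag hosts answering proxy requests
that are not sanctioned proxies. Added illustration, not SystemBC or Silent
Push code; every address and flow below is constructed."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SOCKS_VERSION = 0x05
CMD_NAMES = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP_ASSOCIATE"}
AUTH_NAMES = {0x00: "NO_AUTH", 0x01: "GSSAPI", 0x02: "USERNAME_PASSWORD"}


@dataclass
class Socks5Session:
    auth_methods: List[str]   # methods the client offered in its greeting
    username: Optional[str]   # set only when RFC 1929 auth was spoken
    command: str
    dst_host: str
    dst_port: int


def parse_greeting(data: bytes) -> Optional[Tuple[List[str], bytes]]:
    """VER NMETHODS METHODS... -> (method names, bytes after the greeting)."""
    if len(data) < 2 or data[0] != SOCKS_VERSION:
        return None
    nmethods = data[1]
    methods = data[2:2 + nmethods]
    if nmethods == 0 or len(methods) != nmethods:
        return None
    return [AUTH_NAMES.get(m, "0x%02x" % m) for m in methods], data[2 + nmethods:]


def parse_userpass(data: bytes) -> Tuple[Optional[str], bytes]:
    """RFC 1929: VER(0x01) ULEN UNAME PLEN PASSWD -> (username, rest).
    Returns (None, data) when the client went straight to the request."""
    if len(data) < 2 or data[0] != 0x01:
        return None, data
    ulen = data[1]
    if len(data) < 3 + ulen:
        return None, data
    end = 3 + ulen + data[2 + ulen]          # 2-byte header, name, PLEN, password
    if len(data) < end:
        return None, data
    return data[2:2 + ulen].decode("ascii", "replace"), data[end:]


def parse_request(data: bytes) -> Optional[Tuple[str, str, int]]:
    """VER CMD RSV ATYP DST.ADDR DST.PORT -> (command, host, port)."""
    if len(data) < 4 or data[0] != SOCKS_VERSION or data[2] != 0x00:
        return None
    cmd, atyp = data[1], data[3]
    if cmd not in CMD_NAMES:
        return None
    if atyp == 0x01:                                        # IPv4: 4 octets
        start, end = 4, 8
    elif atyp == 0x04:                                      # IPv6: 16 octets
        start, end = 4, 20
    elif atyp == 0x03 and len(data) > 4 and data[4] > 0:    # length-prefixed FQDN
        start, end = 5, 5 + data[4]
    else:
        return None
    if len(data) != end + 2:                 # address, then exactly a 2-byte port
        return None
    raw = data[start:end]
    if atyp == 0x01:
        host = str(ipaddress.IPv4Address(raw))
    elif atyp == 0x04:
        host = str(ipaddress.IPv6Address(raw))
    else:
        host = raw.decode("ascii", "replace")
    (port,) = struct.unpack("!H", data[end:])
    return CMD_NAMES[cmd], host, port


def parse_client_stream(data: bytes) -> Optional[Socks5Session]:
    """Reassembled client->server bytes of one TCP session, up to the request.
    Assumes the server selected NO_AUTH or USERNAME_PASSWORD (GSSAPI not handled)."""
    greeting = parse_greeting(data)
    if greeting is None:
        return None
    methods, rest = greeting
    username, rest = parse_userpass(rest)
    request = parse_request(rest)
    return None if request is None else Socks5Session(methods, username, *request)


# Constructed flows: (client_ip, server_ip, server_port, client->server bytes).
CONNECT_EXAMPLE_443 = b"\x05\x01\x00\x03\x0b" + b"example.com" + b"\x01\xbb"
CONNECT_RFC1918_22 = b"\x05\x01\x00\x01" + bytes([192, 168, 1, 5]) + b"\x00\x16"
SAMPLE_FLOWS = [
    ("203.0.113.10", "198.51.100.7", 4001, b"\x05\x01\x00" + CONNECT_EXAMPLE_443),
    ("203.0.113.10", "198.51.100.7", 4001,
     b"\x05\x01\x02" + b"\x01\x04user\x06secret" + CONNECT_RFC1918_22),
    ("203.0.113.20", "198.51.100.200", 1080, b"\x05\x01\x00" + CONNECT_EXAMPLE_443),
    ("203.0.113.55", "198.51.100.9", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4"),  # TLS, not SOCKS
]
SANCTIONED_PROXIES = {"198.51.100.200"}    # assumption: the one approved proxy


def find_unsanctioned_proxies(flows, sanctioned=SANCTIONED_PROXIES) -> Dict[str, List[Socks5Session]]:
    """Group parsed SOCKS5 sessions by the server that answered them,
    skipping servers on the sanctioned list."""
    findings: Dict[str, List[Socks5Session]] = {}
    for _client, server, _port, payload in flows:
        if server in sanctioned:
            continue
        session = parse_client_stream(payload)
        if session is not None:
            findings.setdefault(server, []).append(session)
    return findings
```

Calling `find_unsanctioned_proxies(SAMPLE_FLOWS)` on the constructed flows returns only `198.51.100.7`, with two sessions: a CONNECT to example.com:443 with no authentication, and an authenticated CONNECT (username `user`) to the private address 192.168.1.5:22, which is the kind of pivot into an internal network that a proxy relay enables. The connection to the sanctioned proxy is skipped and the TLS ClientHello is rejected at the version byte. Two points a detection engineer should keep in mind: the request is only parsed correctly if the captured bytes are the reassembled client direction of one session, and the username/password sub-negotiation is distinguished from the request purely by its version byte (0x01 versus 0x05), which RFC 1929 guarantees.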
Analysis of the communications inside the botnet also uncovered a Perl-based variant of SystemBC targeting Linux, and the researchers assess that the developer is a Russian speaker. Although SystemBC is primarily known for targeting Windows systems, many of the compromised hosts have also been linked to attacks on WordPress sites.
Implications for Cybersecurity
Silent Push warns that the infrastructure behind SystemBC is a continuing threat: it sits at the start of many intrusion chains and is shared by a range of threat actors. Ongoing monitoring of that infrastructure is essential, because SystemBC activity often precedes ransomware deployment and other malicious operations.
Given its resilience and widespread impact, SystemBC remains a significant concern for cybersecurity professionals worldwide. The persistence of such botnets underscores the need for enhanced security measures and international cooperation to combat cybercrime effectively.
Related articles from the cybersecurity field highlight similar challenges, such as disruptions to proxy networks by tech giants and legal actions against individuals selling unauthorized network access.
