A previously undocumented proxy malware, dubbed “SystemBC,” is upping the stealth game by using SOCKS5 to evade detection. It’s being distributed by the Fallout and RIG exploit kits (EKs), according to researchers.
Proofpoint researchers said on Thursday that in the most recently tracked example, the Fallout EK is used to download the Danabot banking trojan and the SystemBC SOCKS5 proxy, the latter of which is then used on a victim’s Windows system to evade firewall detection of C2 traffic.
SystemBC has so far been found mainly in Asia, where EKs remain important attack tools thanks to the fact that Windows piracy is common, leading to unpatched, buggy systems, researchers said. The use of Fallout is particularly interesting, according to Proofpoint, given that the malvertising-based EK has historically been used to deliver instances of Maze ransomware.
The proxy is being distributed by the RIG and Fallout exploit kits.
Proofpoint researchers describe a previously undocumented proxy malware currently appearing in RIG and Fallout EK campaigns.