silversurfer

A previously undocumented proxy malware, dubbed “SystemBC,” is upping the stealth game by using SOCKS5 to evade detection. It’s being distributed by the Fallout and RIG exploit kits (EKs), according to researchers.

Proofpoint researchers said on Thursday that in the most recently tracked example, the Fallout EK is used to download the Danabot banking trojan and the SystemBC SOCKS5 proxy, the latter of which is then used on a victim’s Windows system to evade firewall detection of C2 traffic.

SystemBC has so far been found mainly in Asia, where EKs remain important attack tools thanks to the fact that Windows piracy is common, leading to unpatched, buggy systems, researchers said. The use of Fallout is particularly interesting, according to Proofpoint, given that the malvertising-based EK has historically been used to deliver instances of Maze ransomware.
Read more below:

Correlate

Another dire warning for Windows users this week, after threat researchers at Proofpoint disclosed "a previously undocumented malware." This one had a twist, though: this malware was not an attack in itself, it was an enabler, hiding on infected computers, establishing a proxy that other malware can then use to manage traffic to the PC and carry out their threats.

Dubbed by its finders as SystemBC, the new strain of malware uses SOCKS5 proxies to bypass security measures, creating a secure command and control tunnel for other malware to use. The researchers highlighted "well-known banking Trojans such as Danabot" as likely beneficiaries.

Proofpoint reported that SystemBC is being distributed through exploit kits—compromised websites that identify vulnerabilities and plant malware as users browse the web. SystemBC is simultaneously dropped onto a target machine alongside dangerous malware, which it will then enable, protecting and cloaking traffic back and forth as that malware operates. The researchers found SystemBC in both the RIG and Fallout exploit kits. The idea that multiple threats can be combined into a single campaign is not new—but the approach taken by SystemBC to relay traffic for dangerous attacks is a nasty twist.
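Both posts above describe SystemBC as a SOCKS5 proxy that relays other malware's C2 traffic. The following is an added example, not code from the posts or from the Proofpoint research, showing what the SOCKS5 negotiation (RFC 1928) actually looks like on the wire and how a defender can flag it in captured TCP payloads: the client greeting (version, offered auth methods) and the CONNECT/BIND/UDP ASSOCIATE request carrying the real destination host and port. The flow tuples and payload bytes are constructed by hand; the detector is generic SOCKS5 parsing and makes no claim about how SystemBC itself encodes its traffic to its operators.

```python
"""Detect SOCKS5 (RFC 1928) greetings and requests in raw TCP payloads.

Added example: generic SOCKS5 parsing, not SystemBC's own protocol.
All sample flows below are constructed for illustration.
"""
import ipaddress
import struct

SOCKS_VERSION = 0x05
CMD_NAMES = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP_ASSOCIATE"}
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
AUTH_NAMES = {0x00: "no-auth", 0x01: "gssapi",
              0x02: "username/password", 0xFF: "no-acceptable"}


def parse_greeting(payload: bytes):
    """Client greeting: VER | NMETHODS | METHODS[NMETHODS].
    Returns the list of offered auth method names, or None if the
    bytes are not a well-formed greeting."""
    if len(payload) < 3 or payload[0] != SOCKS_VERSION:
        return None
    nmethods = payload[1]
    if nmethods == 0 or len(payload) != 2 + nmethods:
        return None
    return [AUTH_NAMES.get(m, f"0x{m:02x}") for m in payload[2:2 + nmethods]]


def parse_request(payload: bytes):
    """Client request: VER | CMD | RSV=0x00 | ATYP | DST.ADDR | DST.PORT.
    DST.PORT is 2 bytes, network byte order. Returns
    {"cmd", "host", "port"} or None if the bytes are not a clean request."""
    if len(payload) < 4 or payload[0] != SOCKS_VERSION or payload[2] != 0x00:
        return None
    cmd, atyp = payload[1], payload[3]
    if cmd not in CMD_NAMES:
        return None
    body = payload[4:]
    if atyp == ATYP_IPV4:
        addr_len = 4
        if len(body) < addr_len + 2:
            return None
        host = str(ipaddress.IPv4Address(body[:4]))
    elif atyp == ATYP_IPV6:
        addr_len = 16
        if len(body) < addr_len + 2:
            return None
        host = str(ipaddress.IPv6Address(body[:16]))
    elif atyp == ATYP_DOMAIN:
        # First byte is the domain length; an empty name is not valid.
        if not body or body[0] == 0:
            return None
        addr_len = 1 + body[0]
        if len(body) < addr_len + 2:
            return None
        host = body[1:addr_len].decode("ascii", errors="replace")
    else:
        return None
    if len(body) != addr_len + 2:  # trailing bytes: not a clean request
        return None
    (port,) = struct.unpack("!H", body[addr_len:addr_len + 2])
    return {"cmd": CMD_NAMES[cmd], "host": host, "port": port}


def scan_flows(flows):
    """flows: iterable of (src, dst, payload). Returns one finding per
    payload that parses as a SOCKS5 greeting or request."""
    findings = []
    for src, dst, payload in flows:
        methods = parse_greeting(payload)
        if methods is not None:
            findings.append({"src": src, "dst": dst, "kind": "greeting",
                             "methods": methods})
            continue
        req = parse_request(payload)
        if req is not None:
            findings.append({"src": src, "dst": dst, "kind": "request", **req})
    return findings


# Constructed sample traffic: an internal host talking to a SOCKS5 listener
# on 10.1.2.77:1080, plus one ordinary HTTP request as a negative case.
SAMPLE_FLOWS = [
    ("10.1.2.3:51000", "10.1.2.77:1080", b"\x05\x01\x00"),  # offer: no-auth
    ("10.1.2.3:51000", "10.1.2.77:1080",
     b"\x05\x01\x00\x03\x0fexample.invalid\x01\xbb"),  # CONNECT example.invalid:443
    ("10.1.2.3:51001", "10.1.2.77:1080", b"\x05\x02\x00\x02"),  # offer: no-auth, user/pass
    ("10.1.2.3:51001", "10.1.2.77:1080",
     b"\x05\x01\x00\x01\x0a\x00\x00\x05\x1f\x90"),  # CONNECT 10.0.0.5:8080
    ("10.1.2.3:51002", "198.51.100.10:80",
     b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),  # not SOCKS
]

if __name__ == "__main__":
    for f in scan_flows(SAMPLE_FLOWS):
        print(f)
```

The negotiation is unencrypted and has a rigid layout (version byte 0x05, reserved byte 0x00, explicit address type), so it is cheap to match on segment or host captures, and the decoded destination tells you where the tunnelled C2 is really going. The caveat is that a proxy listening only on the infected machine's loopback interface never puts this handshake on the network; in that case the check belongs on the endpoint (local socket captures or connection telemetry), not at the perimeter.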