Brand-New SystemBC Proxy Malware Spotted Using SOCKS5 for Stealth

silversurfer

A previously undocumented proxy malware, dubbed “SystemBC,” is upping the stealth game by using SOCKS5 to evade detection. It’s being distributed by the Fallout and RIG exploit kits (EKs), according to researchers.

Proofpoint researchers said on Thursday that in the most recently tracked example, the Fallout EK is used to download the Danabot banking trojan and the SystemBC SOCKS5 proxy, the latter of which is then used on a victim’s Windows system to evade firewall detection of C2 traffic.

SystemBC has so far been found mainly in Asia, where EKs remain important attack tools thanks to the fact that Windows piracy is common, leading to unpatched, buggy systems, researchers said. The use of Fallout is particularly interesting, according to Proofpoint, given that malvertising-based EK has historically been used to deliver instances of Maze ransomware.
Read more below:
 

correlate

Another dire warning for Windows users this week, after threat researchers at Proofpoint disclosed "a previously undocumented malware." This one had a twist, though, this malware was not an attack in itself, it was an enabler, hiding on infected computers, establishing a proxy that other malware can then use to manage traffic to the PC and carry out their threats.

Dubbed by its finders as SystemBC, the new strain of malware uses SOCKS5 proxies to bypass security measures, creating a secure command and control tunnel for other malware to use. The researchers highlighted "well-known banking Trojans such as Danabot" as likely beneficiaries.

Proofpoint reported that SystemBC is being distributed through exploit kits—compromised websites that identify vulnerabilities and plant malware as users browse the web. SystemBC is simultaneously dropped onto a target machine alongside dangerous malware, which it will then enable, protecting and cloaking traffic back and forth as that malware operates. The researchers found SystemBC in both the RIG and Fallout exploit kits. The idea that multiple threats can be combined into a single campaign is not new—but the approach taken by SystemBC to relay traffic for dangerous attacks is a nasty twist.
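The relay technique described in both posts is plain SOCKS5 framing, which a network sensor can recognise at the start of an outbound TCP session. The following is an added example for illustration, not code from Proofpoint or from either post: it decodes the RFC 1928 client greeting and request and flags sessions that negotiate a proxy with a host outside an approved list. It assumes the proxy handshake is unencrypted standard SOCKS5 (the posts do not describe SystemBC's wire format), and the sample bytes, hosts and `audit_session` interface are constructed.

```python
import struct
import ipaddress

# Constructed sample payloads (not a real SystemBC capture): the first two
# client->server messages of a SOCKS5 session, a greeting offering only
# "no authentication" and a CONNECT request for 203.0.113.10:443.
SAMPLE_GREETING = b"\x05\x01\x00"
SAMPLE_CONNECT = b"\x05\x01\x00\x01" + bytes([203, 0, 113, 10]) + struct.pack(">H", 443)
CMD_NAMES = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP ASSOCIATE"}


def parse_greeting(data):
    """RFC 1928 client greeting: VER=5, NMETHODS, METHODS. Returns the method list or None."""
    if len(data) < 3 or data[0] != 0x05 or data[1] == 0 or len(data) < 2 + data[1]:
        return None
    return list(data[2:2 + data[1]])


def parse_request(data):
    """RFC 1928 request: VER, CMD, RSV=0, ATYP, DST.ADDR, DST.PORT. Returns (cmd, host, port) or None."""
    if len(data) < 4 or data[0] != 0x05 or data[2] != 0x00:
        return None
    cmd, atyp = data[1], data[3]
    if atyp == 0x01 and len(data) >= 10:                          # IPv4 address
        host, port_raw = str(ipaddress.IPv4Address(data[4:8])), data[8:10]
    elif atyp == 0x03 and len(data) > 4 and len(data) >= 7 + data[4]:  # length-prefixed domain
        n = data[4]
        host, port_raw = data[5:5 + n].decode("ascii", "replace"), data[5 + n:7 + n]
    elif atyp == 0x04 and len(data) >= 22:                        # IPv6 address
        host, port_raw = str(ipaddress.IPv6Address(data[4:20])), data[20:22]
    else:
        return None
    return cmd, host, struct.unpack(">H", port_raw)[0]


def audit_session(src_host, dst_host, payloads, approved_proxies):
    """Flag a TCP session whose first client payloads carry a SOCKS5 handshake
    to a peer that is not an approved proxy.  `payloads` is the ordered list of
    client->server segments a sensor captured (hypothetical interface)."""
    methods = parse_greeting(payloads[0]) if payloads else None
    if methods is None:
        return None                                   # not SOCKS5 framing, nothing to report
    finding = {"src": src_host, "proxy": dst_host, "no_auth": 0x00 in methods,
               "suspicious": dst_host not in approved_proxies}
    req = parse_request(payloads[1]) if len(payloads) > 1 else None
    if req:
        cmd, host, port = req
        finding.update(command=CMD_NAMES.get(cmd, hex(cmd)), target=f"{host}:{port}")
    return finding
```

A finding with `suspicious` set and `no_auth` true is the pattern worth alerting on: an endpoint negotiating an unauthenticated SOCKS5 tunnel with a host that is not a sanctioned proxy.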
