The SystemBC proxy botnet, with over 1,500 daily infected bots, targets vulnerable VPS servers worldwide to facilitate malicious traffic and hide command-and-control activities. Its operators are less concerned with stealth, leading to long infection durations and extensive use in criminal proxy services and cyberattacks.
Key points
- SystemBC has been active since 2019 and is used by various threat actors including ransomware gangs.
- The botnet primarily infects vulnerable VPS servers with critical unpatched security issues.
- Operators focus on volume and do not emphasize hiding their activities, resulting in long-lasting infections.
- SystemBC supports criminal proxy services, including REM Proxy and VN5Socks/Shopsocks5.
- The malware enables high-volume malicious traffic, with infected servers generating gigabytes of proxy data daily.