SystemBC Malware Turns Compromised Windows Machines Into Ransomware Proxies
SystemBC malware, also known as Coroxy, is being used by threat actors to convert Windows machines into SOCKS5 proxy gateways. The malware lets attackers maintain persistent access and route malicious traffic through compromised systems. It has been linked to several high-profile ransomware operations since its emergence around 2018-2019. Security researchers have observed its increasing prevalence across enterprise networks, an indication that the threat is growing. Its ability to hide command and control (C2) traffic makes it particularly dangerous. Organizations using Windows systems are at risk, because the malware targets these environments to facilitate further attacks. SystemBC has evolved into a widely traded tool among cybercriminals, which emphasizes the need for enhanced security measures.
Key Points:
• SystemBC malware converts Windows machines into SOCKS5 proxies for cybercriminals.
• It has been linked to major ransomware operations and has evolved since 2018-2019.
• Organizations using Windows systems are particularly vulnerable to this persistent threat.