Sun. Mar 29th, 2020

Proofpoint researchers found undocumented proxy malware, SystemBC

Proofpoint researchers recently discovered a new type of malware called SystemBC. Researchers say that SystemBC is malware for the Windows operating system, but unlike earlier malware, SystemBC itself does not have the ability to attack; instead it acts as a launcher. Experts say the malware hides on infected computers and sets up a proxy, which other malware can use to manage traffic on the computer and launch attacks.

SystemBC malware
Image: Proofpoint

Attackers first compromise vulnerable websites, then plant SystemBC together with other attack software on visitors' computers as they browse the web. Next, SystemBC uses a SOCKS5 proxy to bypass security measures, create reliable command and control channels for the attack software, and shield the attack software as it runs.

Proofpoint said its researchers first observed the malware on June 4. At the time, the team was analyzing the Fallout exploit kit, and one of the researchers noticed proxy malware that had never been seen before. Over the following period, the team observed SystemBC activity several more times.

After technical analysis, Proofpoint found that someone is likely selling the malware on the online black market, which means that more hackers will use such malware in the future. Proofpoint is still investigating the malware. Experts remind Windows users to install Windows security patches promptly to keep their systems secure.