Light Dark
August 6, 2019 By David Bisson 2 min read

A new proxy malware called SystemBC is using SOCKS5 proxies to mask traffic for command-and-control (C&C) infrastructure involved in banking Trojan attacks.

On June 4, Proofpoint discovered the SOCKS5 abuser while analyzing a Fallout exploit kit (EK) campaign. Researchers continued to see the Fallout EK as well as RIG EK distributing the malware over the next few weeks. In those campaigns, digital attackers paired the threat primarily with Maze ransomware and the Danabot banking Trojan. Proofpoint ultimately named the malware SystemBC based on the threat’s URI path found, as revealed in an underground marketplace advertisement.

In their analysis, the researchers found that the malware used a SOCKS5 proxy to mask traffic pertaining to C&C infrastructure that used HTTP connections for banking Trojans. This technique helped attackers shield their campaigns from detection — hence the decision to incorporate SystemBC into their attacks involving Danabot and similar threats.

Many Malware Campaigns Leverage SOCKS5 Proxies

SystemBC is only the latest malware to leverage SOCKS5 proxies to avoid detection. Back in March, for instance, Group-IB observed a similar capability in the Android Trojan Gustuff along with the ability to send SMS messages and transfer files. Soon afterward, Fortinet came across BianLian, Android malware that used a module to create a functioning SSH server on an infected device. This was around the same time that Bleeping Computer reported on eCh0raix ransomware and its use of a proxy to communicate with its C&C server.

How to Defend Against a Threat Like SystemBC

Security professionals can help defend against threats like SystemBC by prioritizing all known software vulnerabilities based on risk and creating an appropriate patching schedule. Security teams should implement these efforts within the context of a comprehensive vulnerability management program, a concerted effort that requires organizations to integrate their vulnerability management solutions with their security information and event management (SIEM), threat modeling tools and other utilities to provide a complete picture of risks.

 |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

November 15, 2024

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

November 13, 2024

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature