
SystemBC

Posted: August 2, 2019

SystemBC is a Trojan that hides the network traffic of other malware by setting up a proxy on the infected computer. Although its payload is highly specialized, it can facilitate attacks by other threats that collect information or provide a backdoor into the system. Users should let anti-malware services identify and remove SystemBC as appropriate.

A Bank Robber's Hidden Accomplice

Although file-locking Trojans, banking Trojans, and similar threats are the centerpieces of many Black Hat campaigns, attackers also gain much from high-specificity tools such as optional modules and supporting software. New evidence points to an extra player in this field: SystemBC, a Trojan that concentrates on network obfuscation. Since its payload doesn't target the user directly, it plays the role of an 'accomplice' to a primary threat, and malware experts are seeing its attacks correlate with banking Trojan infections.

SystemBC's infection vector appears to be Exploit Kit (EK)-based: an EK is a package of browser exploits hosted on corrupted or hacked websites. Web surfers can compromise their PCs by visiting such a site through a shortened link, or after interacting with a corrupted e-mail attachment or torrent, to name typical examples. Installation goes through yet another program acting as a loader, such as the Amadey Loader.

Although most victims should concern themselves with the capabilities of the 'lead role' Trojans in these attacks, such as the Danabot banking Trojan, SystemBC provides significant security-countering features. The C++ Trojan sets up a SOCKS5 proxy server on the infected PC, through which other malware can route its traffic, and it obscures text strings related to its network activity with XOR encoding. These features make it all the more difficult to identify the banking Trojans, backdoor Trojans, and other C&C-dependent threats that partner with it.
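The two capabilities above, a SOCKS5 listener and XOR-obscured strings, are both things an analyst can check for directly. The following is an added example written for this page, not SystemBC's own code: it parses the SOCKS5 handshake (RFC 1928) so that a host acting as a proxy can be recognised from captured client-to-server payloads, and it recovers a single-byte XOR key from a known string prefix (a crib). The packet bytes, the domain name, the XOR key 0x5A and the crib "http" are all constructed for illustration and are not claims about the malware's actual traffic or string layout.

```python
"""Added example for this page (not SystemBC's own code): recognise a SOCKS5
handshake in captured TCP payloads, and undo single-byte XOR string obfuscation.
All packet bytes and strings below are constructed; the XOR key and the crib
are assumptions for illustration, not the malware's real layout."""
import socket
import struct

SOCKS_VERSION = 5
CMD_NAMES = {1: "CONNECT", 2: "BIND", 3: "UDP_ASSOCIATE"}
NO_AUTH, USER_PASS = 0x00, 0x02


def parse_greeting(data: bytes):
    """Client greeting: VER | NMETHODS | METHODS[NMETHODS]. Returns the method list."""
    if len(data) < 2 or data[0] != SOCKS_VERSION:
        return None
    n = data[1]
    if len(data) != 2 + n:
        return None
    return list(data[2:])


def parse_request(data: bytes):
    """Client request: VER | CMD | RSV=0 | ATYP | DST.ADDR | DST.PORT (2 bytes, big-endian)."""
    if len(data) < 4 or data[0] != SOCKS_VERSION or data[2] != 0x00:
        return None
    cmd, atyp = data[1], data[3]
    if atyp == 0x01:                      # IPv4 address, 4 bytes
        end = 8
        if len(data) < end + 2:
            return None
        host = socket.inet_ntoa(data[4:8])
    elif atyp == 0x03:                    # domain name with 1-byte length prefix
        n = data[4] if len(data) > 4 else 0
        end = 5 + n
        if n == 0 or len(data) < end + 2:
            return None
        host = data[5:end].decode("ascii", "replace")
    elif atyp == 0x04:                    # IPv6 address, 16 bytes
        end = 20
        if len(data) < end + 2:
            return None
        host = socket.inet_ntop(socket.AF_INET6, data[4:20])
    else:
        return None
    port = struct.unpack("!H", data[end:end + 2])[0]
    return {"cmd": CMD_NAMES.get(cmd, "UNKNOWN"), "host": host, "port": port}


def classify_session(client_payloads):
    """Given the first client->server payloads of one TCP session, describe it
    if it is a SOCKS5 session (i.e. the local host is acting as a proxy)."""
    if len(client_payloads) < 2:
        return None
    methods = parse_greeting(client_payloads[0])
    req = parse_request(client_payloads[1])
    if methods is None or req is None:
        return None
    auth = "none" if NO_AUTH in methods else "userpass" if USER_PASS in methods else "other"
    return {"auth": auth, **req}


def xor_decode(blob: bytes, key: int) -> bytes:
    """Single-byte XOR is its own inverse: the same call encodes and decodes."""
    return bytes(b ^ key for b in blob)


def recover_key(blob: bytes, crib: bytes):
    """If the plaintext is known to start with `crib` (e.g. b"http"), the first
    byte fixes the key; the rest of the crib is used to confirm it."""
    if len(blob) < len(crib):
        return None
    key = blob[0] ^ crib[0]
    return key if xor_decode(blob[:len(crib)], key) == crib else None


# Constructed sample: one proxied CONNECT to a domain on port 443 (illustrative).
GREETING = bytes([0x05, 0x01, 0x00])                        # VER=5, one method, no auth
DOMAIN = b"bank.example"
REQUEST = bytes([0x05, 0x01, 0x00, 0x03, len(DOMAIN)]) + DOMAIN + struct.pack("!H", 443)
SESSION = [GREETING, REQUEST]

# Constructed sample: a URL hidden with XOR key 0x5A (an assumed key, for illustration).
OBFUSCATED = xor_decode(b"http://c2.example/gate", 0x5A)

if __name__ == "__main__":
    print(classify_session(SESSION))
    key = recover_key(OBFUSCATED, b"http")
    print(hex(key), xor_decode(OBFUSCATED, key))
```

Run over a packet capture, `classify_session` is fed the first two payloads each remote client sends to a local port; any hit means the machine is answering SOCKS5 on that port, which on a workstation that runs no proxy is worth investigating regardless of what product installed it. The crib approach to XOR only works for strings whose prefix is predictable, but that covers most of what a network-oriented component needs to hide (URLs, hostnames, user-agent strings).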

Don't be a Mark for Trojans for Sale

It's possible that SystemBC's code is freely available on the dark Web or distributed through other channels. However, malware analysts judge the most probable distribution model for SystemBC to be rental to third-party criminals, much like the Ransomware-as-a-Service (RaaS) industry. They also confirm SystemBC's deployment in multiple campaigns against the public.

Symptoms are, unfortunately, typically minimal with both SystemBC and the Trojans that malware analysts can connect to its current, ongoing campaigns. Because its job is to proxy traffic, the signs that do exist are network-level ones, such as an unexpected process listening on a local port or outbound connections that the user's own applications cannot account for. Most users remain dependent on competent anti-malware and security solutions to identify the threat.

This Trojan is Windows-based, and there are no indications yet of it compromising other environments. Users with possible infections should disable Internet connectivity and change possibly-leaked credentials such as passwords, along with having a credible anti-malware program delete SystemBC on sight. Since SystemBC exists to support other malware, finding it should also prompt a search for the banking Trojan or backdoor it was serving.

SystemBC is a sophisticated evolution in Trojan tactics, complementing the features of network-communicating threats. Since that description fits many of the samples malware researchers see, users should take notice and strengthen their network countermeasures appropriately.
