
"REM Proxy is a sizeable network, which also markets a pool of 20,000 Mikrotik routers and a variety of open proxies it finds freely available online. This service has been a favorite for several actors such as those behind TransferLoader, which has ties to the Morpheus ransomware group. SystemBC is a C-based malware that turns infected computers into SOCKS5 proxies, allowing infected hosts to communicate with a command-and-control (C2) server and download additional payloads."
"According to Lumen, the SystemBC botnet comprises over 80 C2 servers and a daily average of 1,500 victims, of which nearly 80% are compromised virtual private server (VPS) systems from several large commercial providers. Interestingly, 300 of those victims are part of another botnet called GoBruteforcer (aka GoBrut). Of these, close to 40% of the compromises have "extremely long average" infection lifespans, lasting over 31 days."
REM Proxy operates as a proxy service built on the SystemBC malware, offering roughly 80% of the botnet to customers and advertising 20,000 Mikrotik routers plus open proxies. SystemBC converts infected Windows and Linux hosts into SOCKS5 proxies that connect to command-and-control servers and retrieve additional payloads. The botnet runs over 80 C2 servers and averages about 1,500 daily victims, with nearly 80% of victims being compromised VPS systems from major providers and 300 victims linked to the GoBruteforcer botnet. Many infections persist beyond 31 days and most victim servers have numerous unpatched CVEs, averaging 20 per host with at least one critical flaw.
Read at The Hacker News