SystemBC RAT Is Popular with Ransomware Operators


Ransomware operators are deliberately using the SystemBC RAT to maintain persistence on compromised computers. The malware has been for sale in underground forums since 2019. Recently, it has increasingly used Tor to encrypt its command and control traffic.

What happened?
Previously, SystemBC operated as a virtual private network through a SOCKS5 proxy in the backdoor. Now, however, it has emerged as an off-the-shelf tool.

  • It can execute Windows commands, deploy malicious DLLs and files, provide remote management and control, and set up backdoors that receive commands from operators.
  • Over time, it has developed into a complex backdoor that leverages the anonymity of the Tor network to conceal its communication with its C2 servers.
  • Recently, the malware has been deployed as an off-the-shelf tool that may be available through malware-as-a-service deals. In some cases, it has been present on compromised computers for days or weeks.

Recent threats

SystemBC has recently been used by a range of ransomware operators, including Ryuk and Egregor, along with post-exploitation tools such as Cobalt Strike.

  • Several weeks earlier, Egregor ransomware operators were detected using SystemBC to construct an obfuscated backchannel for data exfiltration and attack communications.
  • Ryuk ransomware operators have also been observed using SystemBC during attacks to maintain persistence.

Bottom line

Ransomware operators prefer off-the-shelf tools because they deliver many features for persistence. Experts therefore recommend that organizations use a reliable anti-malware solution to detect the malware, keep good backups of critical data, and train workers to watch for phishing or spam emails.
