Hackers News Hackers News

SystemBC Malware Conceals C2 Traffic for Persistent Access

Jennifer Sherman
July 1, 2026

Key Takeaways

  • SystemBC, also known as Coroxy, is a sophisticated Windows malware acting as a SOCKS5 proxy, backdoor, and remote access tool.
  • It stealthily routes malicious command-and-control (C2) traffic through infected systems, making detection challenging.
  • The malware has been consistently linked to major ransomware operations, including Ryuk, Conti, and BlackBasta.
  • Newer versions leverage the Tor network for C2 communications, further enhancing its ability to evade detection.
  • Organizations should focus on behavior-based detection and regularly simulate attacks to identify and remediate security gaps.

A potent cyberattack tool, SystemBC, has been increasingly observed establishing covert communication channels within enterprise networks. This malware transforms compromised machines into proxies for illicit traffic, allowing threat actors to maintain persistent, hidden access. Security researchers have connected SystemBC to some of the most impactful ransomware campaigns in recent history.

SystemBC, also identified as Coroxy, functions as a multi-faceted Windows malware, combining the capabilities of a SOCKS5 proxy, a backdoor, and a remote access tool. Its primary objective is to provide cybercriminals with an unnoticeable foothold inside targeted environments, enabling them to funnel malicious traffic through unsuspecting hosts without immediate detection. This capability is detailed in a comprehensive analysis by security experts.

First detected between 2018 and 2019, SystemBC initially served as a payload delivered by prominent exploit kits such as RIG and Fallout. Over time, it has evolved into a widely traded commodity on dark web forums, becoming a staple tool for numerous criminal organizations. This widespread adoption underscores its effectiveness and versatility in the cybercrime ecosystem.

According to Picus, in a report shared with Cyber Security News (CSN), SystemBC acts as a persistent backdoor and proxy. It transforms infected machines into conduits for malicious traffic while simultaneously executing commands, scripts, and binaries dispatched from attacker-controlled servers. This malware has been implicated in breaches involving notorious ransomware families such as Ryuk, Egregor, Conti, BlackBasta, Play, and Rhysida, solidifying its role in some of the most devastating cyberattacks of recent years.
