SystemBC

Also known as: No known aliases

Category: Malware

Type: Remote access trojan (RAT) and proxy trojan

Platform: Windows

Variants: Coroxy, DroxiDat, Backdoor.Win32.SYSTEMBC.SM.hp, TrojanSpy.Win32.SYSTEMBC.FBV, Backdoor.Win32.SYSTEMBC.G, Backdoor.PS1.SYSTEMBC.THIBOBB, Backdoor.PS1.SYSTEMBC.A. Variants include updates that add SOCKS5 proxy capabilities and Tor communication channels.

Damage potential: Setting up a proxy on infected systems, anonymizing attacker traffic, downloading additional malware, allowing remote control, evading detection, escalating attacks in conjunction with ransomware, and facilitating further attacks.

Overview

SystemBC emerged in June 2019, although the first samples date back to October 2018. It functions primarily as a remote access trojan and a proxy trojan. It is often associated with various cybercriminal groups, including those distributing ransomware like Ryuk, Conti, and Egregor. These and other hacker groups use SystemBC to hide their network traffic and facilitate broader cyberattacks.

Once SystemBC infects a system, it establishes a proxy, enabling cybercriminals to hide their activities and route malicious traffic through the infected device. This proxy capability helps attackers evade detection by security systems. Additionally, SystemBC can download and execute other malicious payloads, making it a versatile tool for launching further attacks, such as ransomware attacks or data exfiltration.

Possible symptoms

SystemBC can slow down your computer’s performance by running malicious processes in the background, such as downloading and executing additional payloads or relaying system information to remote servers. Other possible symptoms include:

  • Slow or unresponsive system performance.
  • Spikes in network activity.
  • Unknown processes in the task manager.
  • Increased use of CPU or memory.
  • Unauthorized changes in system settings.
  • Disabled security programs, such as antivirus and other security software.
  • Inability to access security websites.

Sources of infection

Cybercriminals might infect your device with SystemBC in a few different ways:

  • By sending phishing emails. Attackers make these emails look legitimate to trick recipients into clicking on a link or downloading an attachment, which then installs the malware onto their system.
  • By using drive-by downloads. Some compromised or malicious websites will automatically download and install the malware when you visit them.
  • By embedding the malware into compromised software or hardware. Attackers might embed the malware in software updates, free downloads from untrusted sources, or even corrupted hardware. Once you use these programs or devices, they act as trojans, opening a backdoor for SystemBC to infiltrate the system.
  • By exploiting network vulnerabilities, such as outdated security protocols or weak passwords. Attackers use them to gain access to your network.

Protection

The most effective way to protect against SystemBC is to educate yourself about malware and online threats, such as phishing attacks. Here are some more protective measures to take:

  • Using antivirus software. Purchase and install reputable antivirus software with real-time protection to prevent SystemBC infections.
  • Regularly updating your programs. Keep your operating system, browsers, and all applications up to date to patch known vulnerabilities.
  • Using Threat Protection Pro. Purchase NordVPN with the advanced Threat Protection Pro™ feature, which blocks malicious ads and suspicious sites and scans files for malware as you download them.
  • Filtering email. Use advanced email filtering solutions to block phishing emails and malicious attachments.
  • Avoiding suspicious links and attachments. Never click on unfamiliar links or suspicious attachments, especially from unknown senders.
  • Improving network security. Set up firewalls, intrusion detection systems, and endpoint protection to detect and prevent SystemBC.
  • Using a password manager. Never keep your passwords written in plain text on your computer. Use a trusted password manager like NordPass, which allows you to store all your credentials under one master password.
  • Implementing multi-factor authentication (MFA). MFA adds an extra layer of security to your accounts.
  • Monitoring network traffic. Use network monitoring tools to detect unusual activity that may indicate a malware infection.

Removal

If you suspect SystemBC has infected your system, immediately disconnect your device from the internet to cut communication with the malware’s command and control servers. Then restart your computer in safe mode to limit the malware’s ability to function.

Run a full system scan with a reputable antivirus program to detect and remove SystemBC. Follow the steps recommended by the antivirus software to ensure thorough malware removal. Allow the antivirus program to quarantine or delete any detected threats.

Once you have removed SystemBC from your system, change all your online account passwords to protect your data. Use strong, unique passwords for each account. If the malware persists or you cannot remove it completely, contact a cybersecurity professional for help.