02 August 19, 14:32
Quote:A new malware strain is being distributed by threat actors via exploit kits like Fallout and RIG to hide malicious network traffic with the help of SOCKS5 proxies set up on compromised computers.
The malware, provisionally named SystemBC by the Proofpoint Threat Insight Team researchers who found it, uses secure HTTP connections to encrypt the information sent to command-and-control servers by other strains dropped on the infected machines.
"SystemBC is written in C++ and primarily sets up SOCKS5 proxies on victim computers that can then be used by threat actors to tunnel/hide the malicious traffic associated with other malware," says Proofpoint.
"In the most recently tracked example, the Fallout exploit is used to download the Danabot banking Trojan and a SOCKS5 proxy which is used on the victim’s Windows system to evade firewall detection of command and control (C2) traffic," the researchers found.
SOURCE: https://www.bleepingcomputer.com/news/se...s-traffic/