SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown


The SystemBC malware loader has survived a law enforcement takedown attempt and has ensnared over 10,000 machines in a botnet, cybersecurity firm Silent Push warns.

Also known as Coroxy and DroxiDat, SystemBC has been around since at least 2019 and is known for acting as a backdoor and for abusing infected machines for traffic proxying.

Historically, the malware has also been involved in the distribution of ransomware and other malicious payloads, and was targeted by authorities in May 2024 as part of Operation Endgame.

Despite the coordinated international law enforcement effort, the botnet’s activity did not cease, and its developer was seen posting updates on Russian-language underground forums, Silent Push notes.

Now, there are more than 10,000 IP addresses generating SystemBC-specific traffic, most of them in the US (4,300). Large numbers of victims were also identified in Germany (829), France (448), Singapore (419), and India (294 ...


Copyright of this story solely belongs to SecurityWeek.