
A new wave of cyber threats is quietly impacting servers worldwide. The malware, known as SystemBC, has been detected infecting over 10,000 IP addresses, including some hosting government websites.
Security specialists warn that such infections often serve as the first step toward more severe attacks like ransomware.
Researchers from Silent Push reported that SystemBC operates as a proxy-type malware, transforming compromised systems into nodes for criminal traffic. It also opens hidden remote access to internal networks, allowing attackers to use infected machines as footholds for further intrusion. In some cases, additional malicious modules, including ransomware, were deployed through SystemBC.
The majority of affected systems are located in the United States, followed by Germany, France, Singapore, and India. The infections are widespread, showing that no region is immune to this malware. Notably, government servers in Vietnam and Burkina Faso were found compromised, not through direct attacks on the portals but via the underlying server infrastructure, posing risks for both users and administrators.
The infected servers often remain active for extended periods, averaging around 38 days, with some nodes operational for over 100 days. Most victims are systems hosted by providers rather than private devices, which contributes to the longevity of infections because their IP addresses change infrequently. Control infrastructure is often hosted with providers that are slow to respond to abuse complaints, further enabling attackers to maintain command over nodes.
A previously undocumented SystemBC variant, written in Perl and targeting Linux systems, was also discovered. At the time of analysis, no mainstream antivirus engine recognized this variant, demonstrating the malware’s evolving stealth capabilities. Despite international police operations in 2024, the author remains active on forums, indicating ongoing development of the SystemBC family.
Evidence indicates that many infected nodes facilitated attacks on WordPress-managed sites. SystemBC proxies obscure attackers’ true infrastructure and bypass network restrictions. Experts advise early detection of SystemBC signs, regular server audits, software updates, and monitoring network activity to reduce the risk of prolonged compromise.
The research conducted by Silent Push underscores the importance of vigilance. Organizations are encouraged to adopt proactive monitoring and incident response strategies to mitigate these invisible yet highly impactful threats.
Awareness remains the strongest defense. In a landscape where malware silently manipulates network infrastructure, only early detection and strategic prevention can keep minor infections from escalating into catastrophic breaches.
