Threat actors are distributing a new malware strain via exploit kits like Fallout and RIG. The malware hides malicious network traffic with the help of SOCKS5 proxies set up on compromised computers.
The malware, provisionally named SystemBC by the Proofpoint Threat Insight Team researchers who found it, uses secure HTTP connections to encrypt the information sent to command-and-control servers by other strains dropped on the infected machines.
“SystemBC is written in C++ and primarily sets up SOCKS5 proxies on victim computers that can then be used by threat actors to tunnel/hide the malicious traffic associated with other malware,” says Proofpoint.