This ‘off the shelf’ Tor backdoor malware is now a firm favorite with ransomware operators
On Thursday, Sophos Labs cybersecurity researchers Sivagnanam Gn and Sean Gallagher revealed detailed information on SystemBC, malware that has become increasingly popular over the past several months. SystemBC is a remote access trojan (RAT) that is advertised across dark web forums and can abuse Tor once installed on an infected machine. According to the researchers, the malware has been in the wild since 2019.
The RAT has evolved from working as a VPN through a proxy into a backdoor that leverages the Tor network to establish persistence. This makes detection more difficult and makes the RAT more attractive to hackers. According to Sophos Labs, over the course of 2020 the malware gained several features and was enhanced by malicious actors. For example, once deployed, the RAT copies itself and schedules itself as a service; however, it does not do so if Emsisoft antivirus software is detected on the device.