SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers
Sep 19, 2025
Botnet / Network Security
A proxy network known as REM Proxy is powered by malware known as SystemBC , offering about 80% of the botnet to its users, according to new findings from the Black Lotus Labs team at Lumen Technologies. "REM Proxy is a sizeable network, which also markets a pool of 20,000 Mikrotik routers and a variety of open proxies it finds freely available online," the company said in a report shared with The Hacker News. "This service has been a favorite for several actors such as those behind TransferLoader , which has ties to the Morpheus ransomware group." SystemBC is a C-based malware that turns infected computers into SOCKS5 proxies, allowing infected hosts to communicate with a command-and-control (C2) server and download additional payloads. First documented by Proofpoint in 2019, it's capable of targeting both Windows and Linux systems . In a report earlier this January, ANY.RUN revealed that the Linux variant of SystemBC proxy implant is potentially desi...