
Socks5Systemz proxy service infects 10,000 systems worldwide
2023-11-05 15:17

A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000 infected devices.

Socks5Systemz is detailed in a report by BitSight that clarifies that the proxy botnet has been around since at least 2016 but has remained relatively under the radar until recently.

Exe,' and their task is to inject the proxy bot into the host's memory and establish persistence for it via a Windows service called 'ContentDWSvc'.

The proxy bot payload is a 300 KB 32-bit DLL. It uses a domain generation algorithm (DGA) to locate and connect to its command and control server, to which it sends profiling information about the infected machine.

The connect command is crucial, instructing the bot to establish a backconnect server connection over port 1074/TCP. Once connected to the threat actors' infrastructure, the infected device can now be used as a proxy server and sold to other threat actors.
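The two host-level indicators named above, the 'ContentDWSvc' service and outbound traffic to 1074/TCP, can be hunted together in exported endpoint telemetry. The following is an added example, not code from the article or from BitSight; the JSON field names are assumptions modelled on Windows event 7045 (service installed) and Sysmon event 3 (network connection), and the sample events are constructed.

```python
import json
from collections import defaultdict

SERVICE_NAME = "contentdwsvc"  # persistence service named in the article
BACKCONNECT_PORT = 1074        # backconnect port (TCP) named in the article

# Constructed sample telemetry, one JSON object per line. Field names are
# assumptions modelled on Windows event 7045 and Sysmon event 3.
SAMPLE_EVENTS = """\
{"host": "WS-01", "event_id": 7045, "service_name": "ContentDWSvc"}
{"host": "WS-01", "event_id": 3, "initiated": true, "protocol": "tcp", "source_port": 49822, "dest_ip": "203.0.113.10", "dest_port": 1074}
{"host": "WS-02", "event_id": 3, "initiated": true, "protocol": "tcp", "source_port": 50111, "dest_ip": "198.51.100.7", "dest_port": 1074}
{"host": "WS-03", "event_id": 3, "initiated": true, "protocol": "tcp", "source_port": 1074, "dest_ip": "192.0.2.20", "dest_port": 443}
{"host": "WS-04", "event_id": 3, "initiated": true, "protocol": "udp", "source_port": 50500, "dest_ip": "192.0.2.30", "dest_port": 1074}
{"host": "WS-05", "event_id": 7045, "service_name": "Spooler"}
{"host": "WS-06", "event_id": 3, "initia
"""

def hunt(lines):
    """Return {host: confidence} for hosts showing either indicator."""
    hits = defaultdict(set)
    for line in lines.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated export lines
        if not isinstance(ev, dict) or not ev.get("host"):
            continue
        if (ev.get("event_id") == 7045
                and str(ev.get("service_name", "")).lower() == SERVICE_NAME):
            hits[ev["host"]].add("service")
        # Match only host-initiated TCP to *destination* port 1074; a local
        # source port of 1074 or UDP traffic is not the described backconnect.
        elif (ev.get("event_id") == 3 and ev.get("initiated") is True
                and str(ev.get("protocol", "")).lower() == "tcp"
                and ev.get("dest_port") == BACKCONNECT_PORT):
            hits[ev["host"]].add("backconnect")
    # Both indicators together are strong; the port alone is only a lead.
    return {h: "high" if len(s) == 2 else "medium" if "service" in s else "low"
            for h, s in hits.items()}

if __name__ == "__main__":
    for host, confidence in sorted(hunt(SAMPLE_EVENTS).items()):
        print(host, confidence)
```

A port-only match is graded low because other software can legitimately use 1074/TCP; it becomes meaningful when the same host also shows the service.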

Standard subscribers are limited to a single thread and proxy type, while VIP users can use 100-5000 threads and set the proxy type to SOCKS4, SOCKS5, or HTTP. Prices for each service offering are given below.


News URL

https://www.bleepingcomputer.com/news/security/socks5systemz-proxy-service-infects-10-000-systems-worldwide/