This ‘off the shelf’ Tor backdoor malware is now a firm favorite with ransomware operators

A Remote Access Trojan (RAT) on sale in underground forums has evolved to abuse Tor when maintaining persistence on infected machines.

On Thursday, Sophos Labs’ Sivagnanam Gn and Sean Gallagher revealed ongoing research into the malware, which has been in the wild since 2019.

Dubbed SystemBC, the RAT has evolved from acting as a virtual private network (VPN) through a SOCKS5 proxy into a backdoor that leverages the Tor network to establish persistence and make tracing connected command-and-control (C2) servers a more difficult task.

Read more…
Source: ZDNet