
SystemBC resurfaces as resilient proxy botnet, infecting over 10,000 hosts

Asus-router infections form resilient KadNap proxy network
Researchers link a 14,000-device proxy network to a peer-to-peer botnet labeled KadNap, which exploits unpatched router flaws to hide control infrastructure and carry anonymous traffic. The botnet's use of a Kademlia-style DHT and its growth from ~10k to 14,000 devices signal a higher takedown cost and greater abuse of consumer gateways.

Google GTIG Disrupts IPIDEA Residential Proxy Network in the United States
Google's Threat Intelligence Group, working with infrastructure partners, dismantled the IPIDEA residential proxy operation that hijacked Android phones and Windows PCs to relay adversary traffic. The takedown targeted command-and-control points, shut down domains, and updated detection signals to hinder future reuse of the same toolset.
Aeternum: Botnet Loader Anchors Command Channel on Polygon
Aeternum uses the Polygon chain to host encrypted C2, letting operators dispense commands without traditional servers. This model lowers operational cost, boosts takedown resistance, and expands a turnkey blockchain C2 market for malware authors.

Polyfill.io Compromise Linked to North Korean Operators, Impacting 100k+ Sites
Forensic artifacts (LummaC2 sample and harvested CDN/DNS credentials) tie the 2024 Polyfill.io library compromise to operators aligned with North Korea; investigators warn the incident exemplifies a broader trend of supply‑chain abuse that pairs credential theft, control‑plane takeover, and resilient off‑platform monetization to convert web traffic into crypto flows.

Malware Campaign Used Hugging Face to Host Android RAT Payloads
Security researchers discovered an Android remote-access Trojan distributed via a dropper that redirected victims to Hugging Face-hosted payloads. The campaign used short-lived repositories and frequent payload updates to evade takedowns while abusing a popular model-sharing platform as a file host.
Investigation Links ShinyHunters to Broad Vishing Campaign Targeting Over 100 Organizations
Researchers say a coordinated campaign combined telephone-based social engineering with browser-resident phishing toolkits to target more than 100 organisations across sectors, manipulating live authentication sessions to bypass MFA and SSO protections. A contemporaneous but separate infostealer disclosure, an unsecured cache of roughly 149 million credential pairs captured from endpoints, heightens the risk of credential stuffing and targeted vishing, complicating response and containment.
Massive 149M credential trove exposes risks from infostealer malware to crypto and government accounts
A researcher found a publicly accessible collection of roughly 149 million stolen logins harvested by credential-stealing malware, including hundreds of thousands tied to major crypto platforms and numerous government-related accounts. The exposure stems from infected end-user devices rather than platform breaches, but it raises urgent questions about account hygiene, phishing risk, and detection across the crypto and social-media ecosystems.

Industrial Control Systems: Rising pre‑positioning and ransomware force OT resilience shift
By 2026, adversaries will increasingly combine quiet, long‑dwell reconnaissance with financially motivated ransomware and faster weaponization to exploit ICS. Defenders must adopt CTEM, identity‑centric controls (including comprehensive machine‑identity inventories and rapid revocation), OT‑aware zero trust, SBOM-driven supply‑chain visibility, and conservative AI-based anomaly detection to preserve uptime and compress remediation windows.