Subj : VPS servers hijacked into malware proxies - here's how to stay sa To : All From : TechnologyDaily Date : Fri Sep 19 2025 14:00:10 VPS servers hijacked into malware proxies - here's how to stay safe Date: Fri, 19 Sep 2025 12:54:58 +0000 Description: Lumen report details SystemBC and its bold, out-in-the-open tactic. FULL STORY ======================================================================SystemBC botnet hijacks VPS servers, making up 80% of its active proxy nodes Infected VPS machines relay traffic for phishing, brute-force, and ransomware operations Bots generate high-volume traffic daily, often staying active for weeks despite blacklisting Cybercriminals are increasingly hijacking Virtual Private Servers ( VPS ) to build high-volume malware proxy networks, experts have warned. Cybersecurity researchers at Lumen Technologies Black Lotus Labs recently detailed the works of the SyxtemBC botnet, active since early 2019, which has quietly amassed more than 80 command-and-control servers, and maintains an average of 1,500 active bots daily. What makes this botnet stand out is the fact that nearly 80% of the compromised systems are Virtual Private Servers ( VPS ). Cybercrime infrastructure Usually, a botnet would rely on residential devices (computers, routers, smart home devices, DVRs, cameras, and similar), but SystemBC takes a different approach and exploits servers with dozens, sometimes hundreds, of unpatched vulnerabilities. While we could not determine the initial access vector used by SystemBC operators, our research revealed that, on average, each victim shows 20 unpatched CVEs and at least one critical CVE with one address shown as having over 160 unpatched vulnerabilities, the researchers explained. These infected VPS machines are repurposed as proxy relays, enabling threat actors to route enormous volumes of malicious traffic for phishing, brute-force attacks, and ransomware operations, among other things. To make matters worse, many of these compromised servers remain active for weeks, and 40% stay infected for more than a month. There are numerous advantages to targeting VPS infrastructure instead of residential endpoints, Lumen further explains. VPS offers higher bandwidth, long infection lifespans, and minimal disruption to end users. This allows criminal proxy services, such as REM Proxy, or VN5Socks, to market these bots to other threat groups, including ransomware operators such as AvosLocker, or Morpheus. Another thing that makes SystemBC stand out is its operators complete disregard of stealth. The bots routinely generate gigabytes of traffic per day and are quickly flagged and blacklisted. However, they continue to function as part of sprawling proxy networks. Lumen has responded by blocking all traffic to and from SystemBC-related infrastructure across its global backbone and has released indicators of compromise to aid defenders, which can be found on this link . Via BleepingComputer You might also like Tor malware is becoming a worryingly popular ransomware tool Take a look at our guide to the best authenticator app We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/vps-servers-hijacked-into-malware-proxi es-heres-how-to-stay-safe --- Mystic BBS v1.12 A49 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .