VPS servers hijacked into malware proxies – here’s how to stay safe

By Sead Fadilpašić

Copyright techradar

19 September 2025

Lumen report details large SystemBC botnet

SystemBC botnet hijacks VPS servers, making up 80% of its active proxy nodes
Infected VPS machines relay traffic for phishing, brute-force, and ransomware operations
Bots generate high-volume traffic daily, often staying active for weeks despite blacklisting

Cybercriminals are increasingly hijacking Virtual Private Servers (VPS) to build high-volume malware proxy networks, experts have warned.

Cybersecurity researchers at Lumen Technologies' Black Lotus Labs recently detailed the workings of the SystemBC botnet, active since early 2019, which has quietly amassed more than 80 command-and-control servers and maintains an average of 1,500 active bots daily.
What makes this botnet stand out is the fact that nearly 80% of the compromised systems are Virtual Private Servers (VPS).

Cybercrime infrastructure
Usually, a botnet would rely on residential devices (computers, routers, smart home devices, DVRs, cameras, and similar), but SystemBC takes a different approach and exploits servers with dozens, sometimes hundreds, of unpatched vulnerabilities.

“While we could not determine the initial access vector used by SystemBC operators, our research revealed that, on average, each victim shows 20 unpatched CVEs and at least one critical CVE – with one address shown as having over 160 unpatched vulnerabilities,” the researchers explained.
These infected VPS machines are repurposed as proxy relays, enabling threat actors to route enormous volumes of malicious traffic for phishing, brute-force attacks, and ransomware operations, among other things.
To make matters worse, many of these compromised servers remain active for weeks, and 40% stay infected for more than a month.

There are numerous advantages to targeting VPS infrastructure instead of residential endpoints, Lumen further explains. VPS servers offer higher bandwidth, long infection lifespans, and minimal disruption to end users. This allows criminal proxy services, such as REM Proxy or VN5Socks, to market these bots to other threat groups, including ransomware operators such as AvosLocker or Morpheus.
Another thing that makes SystemBC stand out is its operators' complete disregard for stealth. The bots routinely generate gigabytes of traffic per day and are quickly flagged and blacklisted. However, they continue to function as part of sprawling proxy networks.
Lumen has responded by blocking all traffic to and from SystemBC-related infrastructure across its global backbone and has released indicators of compromise to aid defenders.
Via BleepingComputer
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
