SystemBCis making its mark as a popular tool used in high-profile ransomware campaigns. A Remote Access Trojan (RAT) on sale in underground forums has evolved to abuse Tor when maintaining persistence on infected machines. On Thursday, Sophos Labs’ Sivagnanam Gn and Sean Gallagher revealed ongoing research into the malware, which has been in the wild since 2019. Dubbed SystemBC, the RAT has evolved from acting as a virtual private network (VPN) through a SOCKS5 proxy into a backdoor that leverages the Tor network to establish persistence and make tracing connected command-and-control (C2) servers a more difficult task.