Cyberdudebivash

  Executive Snapshot Scale & makeup: Lumen’s Black Lotus Labs reports >80 C2 servers powering ~1,500 active bots daily , and nearly 80% of victims are commercial VPS hosts from major providers. ~40% of infections persist 31+ days —unusually long for botnets. Lumen Blog Abuse pattern: Hijacked VPS nodes are used as high-bandwidth proxies feeding services like REM Proxy , which also markets a pool of ~20,000 MikroTik routers ; researchers link usage to ransomware pipelines (e.g., Morpheus , AvosLocker ). Lumen Blog Why it sticks: Compromised VPS often show dozens of unpatched CVEs —on average ~20 per host, with at least one critical; one observed server had 160+ unpatched CVEs. Lumen Blog Independent coverage: BleepingComputer and The Hacker News corroborate the 1,500-bot, 80%-VPS, 31+ day details and the REM Proxy tie-in. BleepingComputer +1 What SystemBC Is Doing SystemBC is proxy malware : once it lands on a server, it turns that host into a tr...