From securityaffairs.co
Researchers from Trend Micro have spotted a new Linux botnet that employs several techniques now emerging among cyber-criminals, including the use of Tor proxies, the abuse of legitimate DevOps tools, and the removal or deactivation of competing malware.
Experts highlighted that this Linux botnet downloads all the files it needs from the Tor network, including legitimate binaries like ss, ps, and curl. Botmasters maintain a large network of proxies that receive the connections coming from the surface web.
The malware also performs HTTP requests using shell scripts and Unix system design to get more information on the infected systems.
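One defensive check that follows from the downloaded copies of ss, ps, and curl described above: flag running processes that carry one of those names but execute from outside the usual system directories. This is an added example, not code from Trend Micro or the article; the trusted directory list, the assumption that dropped copies live outside it, and the sample process list are all constructed for illustration.

```python
import os

# Utility names come from the article. The trusted directories are an
# assumption about a typical Linux layout; adjust them per distribution.
WATCHED_NAMES = {"ss", "ps", "curl"}
TRUSTED_DIRS = ("/usr/bin", "/bin", "/usr/sbin", "/sbin", "/usr/local/bin")
DELETED_SUFFIX = " (deleted)"  # appended by the kernel when the file was unlinked


def is_suspicious(exe_path):
    """True when a watched utility name runs from outside the trusted dirs."""
    if exe_path.endswith(DELETED_SUFFIX):
        exe_path = exe_path[: -len(DELETED_SUFFIX)]
    path = os.path.normpath(exe_path)  # collapse any ../ segments first
    if os.path.basename(path) not in WATCHED_NAMES:
        return False
    return os.path.dirname(path) not in TRUSTED_DIRS


def find_suspicious(processes):
    """processes: iterable of (pid, exe_path); returns the flagged entries."""
    return [(pid, exe) for pid, exe in processes if is_suspicious(exe)]


def live_processes(proc_root="/proc"):
    """Yield (pid, exe_path) for every process whose exe link is readable."""
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            yield int(entry), os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or insufficient privilege


# Constructed sample for illustration; not data from the article.
SAMPLE = [
    (101, "/usr/bin/curl"),
    (202, "/tmp/.cache/curl"),
    (303, "/dev/shm/ps (deleted)"),
    (404, "/usr/bin/python3"),
    (505, "/var/tmp/x/ss"),
]

if __name__ == "__main__":
    for pid, exe in find_suspicious(live_processes()):
        print(f"pid={pid} exe={exe}")
```

Run it as root to read the exe link of every process; a hit is a lead to triage, since administrators sometimes keep their own builds of these tools in other directories.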