A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

From securityaffairs.co

Linux botnet infection chain

Researchers from Trend Micro have spotted a new Linux botnet that employs multiple techniques emerging among cyber-criminals, including the use of Tor proxies, the abuse of legitimate DevOps tools, and the removal or deactivation of competing malware.

Experts highlighted that this Linux botnet downloads all the files it needs from the Tor network, including legitimate binaries like ss, ps, and curl. The botmasters maintain a large network of proxies that receive connections coming from the surface web.

The malware also performs HTTP requests using shell scripts and Unix system design to get more information about the infected systems.
