Threat actors are using the Tox P2P messenger as a C2 server



Tox is a serverless, peer-to-peer instant messaging service that uses NaCl for encryption and decryption.

Uptycs researchers reported that threat actors have started using the Tox peer-to-peer instant messaging service as a command-and-control server. In recent months, threat actors have used Tox as a communication channel between ransomware gangs and their victims.

The researchers recently discovered an ELF sample that acts as a bot and can run scripts on the victim machine using the Tox protocol.

