Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies
2020-11-24 06:56

An adware and coin-miner botnet that has targeted Russia, Ukraine, Belarus, and Kazakhstan since at least 2012 has now set its sights on Linux servers to fly under the radar.

According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonly used program on Linux servers, and is a new version of the malware belonging to a threat actor tracked as Stantinko.

Although Stantinko has traditionally been Windows malware, the expansion of its toolset to target Linux didn't go unnoticed, with ESET observing a Linux trojan proxy deployed via malicious binaries on compromised servers.

Intezer's latest research offers fresh insight into this Linux proxy, specifically a newer version of the same malware called "Httpd," with one sample of the malware uploaded to VirusTotal on November 7 from Russia.

"Stantinko is the latest malware targeting Linux servers to fly under the radar, alongside threats such as Doki, IPStorm and RansomEXX," the firm said.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/VDp2MkHtHkI/stantinko-botnet-now-targeting-linux.html
