Researchers recently discovered an ongoing, evolving campaign from a known hacker group, DarkCrewFriends. This campaign targets PHP servers, focusing on creating a botnet infrastructure that can be leveraged for several purposes such as monetization and shutting down critical services. The attack chain includes exploiting an unrestricted file upload vulnerability, uploading a malicious PHP web shell, and communicating with a C&C server using an IRC channel. The attackers can leverage the malware's capabilities for various scenarios such as DDoS attack types and shell command execution.
Source: https://research.checkpoint.com/2020/the-return-of-the-bot-shop-crew/

