Cisco Talos experts have discovered a never-before-seen remote access trojan (RAT) that utilizes Tor proxies to redirect traffic from infected hosts to servers hidden on the Tor network. Cisco says that AthenaGo is currently distributed via spam emails and it’s only targeting users in Portugal, as the theme of the spam lure is a Word file posing as a document received from Portugal’s main postal service. Both the malware and the malicious Word files appear to have been signed with the same username, meaning it’s likely that one person is behind the creation and distribution.
Source: https://www.bleepingcomputer.com/news/security/athenago-rat-uses-tor2web-proxy-system-to-hide-candc-server/