New variant of Gafgyt botnet uses Tor to hide its command-and-control (C2) communications, researchers say. The use of Tor by malware families is nothing new, but researchers say they haven t seen it until now. The new variant shares the same origin with samples distributed by a threat group that NetLab 360 researchers call the keksec group, and that others call the Freak threat actor. The botnet is mainly propagated through weak Telnet passwords a common issue on internet of things devices and exploiting three vulnerabilities.
Source: https://threatpost.com/d-link-iot-tor-gafgyt-variant/164529/