“Linux/Cdorked is one of the most sophisticated Apache backdoors we have seen so far,” ESET says. The malware appears to be connected to the Darkleech attack campaign that’s been running for at least two months. The campaign is using compromised servers and malicious Apache modules to launch drive-by attacks that target known browser vulnerabilities. The best way to identify infected servers is to scan servers for the presence of shared memory created by the malware, an ESET expert says.”]
Source: https://www.darkreading.com/attacks-breaches/darkleech-apache-attacks-intensify