Blog | G5 Cyber Security

Linux Botnet Disguises Itself as Apache Server

The latest Linux version of the Stantinko botnet is designed to disguise the malware as an Apache server to better avoid security tools and remain hidden, researchers say. The botnet, which has been in operation since at least 2012, was created to increase its malicious infrastructure. In 2017, research firm ESET reported that a Linux version had been created. The botnet’s operators appear to have placed more emphasis on avoiding security tools, the report says. The operators switched the proxy version’s file name to “httpd,” which is normally associated with the Apache Hypertext Transfer Protocol Server, a commonly used program on Linux servers.
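Because the disguise described above rests only on the file name “httpd,” a defender can compare each process carrying that name against the path of the binary actually backing it. The following is an added example, not code from the article or from the researchers; the expected install directories and the sample records are assumptions constructed for illustration.

```python
import os

PROCESS_NAME = "httpd"  # file name the article says the proxy version was switched to
# Assumption: directories where a legitimate Apache httpd is installed on this host.
EXPECTED_DIRS = ("/usr/sbin", "/usr/local/apache2/bin")

def list_processes(proc_root="/proc"):
    """Return [{'pid', 'name', 'exe'}] for each process visible under /proc."""
    procs = []
    entries = os.listdir(proc_root) if os.path.isdir(proc_root) else []
    for entry in filter(str.isdigit, entries):
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "comm")) as fh:
                name = fh.read().strip()
        except OSError:
            continue  # process exited during the scan
        try:
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            exe = None  # kernel thread or insufficient privilege
        procs.append({"pid": int(entry), "name": name, "exe": exe})
    return procs

def check(proc):
    """Return a reason string if an 'httpd' process looks out of place, else None."""
    if proc["name"] != PROCESS_NAME:
        return None
    exe = proc["exe"]
    if exe is None:
        return "executable path unreadable"
    if exe.endswith(" (deleted)"):
        return "binary deleted or replaced on disk"
    if os.path.dirname(exe) not in EXPECTED_DIRS:
        return "unexpected directory " + os.path.dirname(exe)
    return None

def suspicious_httpd(procs):
    """Return [(pid, reason)] for every flagged process."""
    return [(p["pid"], check(p)) for p in procs if check(p)]

# Constructed sample records, not taken from a real infection.
SAMPLE = [
    {"pid": 812, "name": "httpd", "exe": "/usr/sbin/httpd"},
    {"pid": 4410, "name": "httpd", "exe": "/tmp/.cache/httpd"},
    {"pid": 4522, "name": "httpd", "exe": "/usr/sbin/httpd (deleted)"},
    {"pid": 901, "name": "sshd", "exe": "/usr/sbin/sshd"},
]
```

Calling `suspicious_httpd(list_processes())` as root checks the live host. A hit is a lead to verify against the package manager, since a running Apache whose binary was replaced by an upgrade also shows as deleted.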

Source: https://www.cuinfosecurity.com/linux-botnet-disguises-itself-as-apache-server-a-15461
