A new botnet is hunting down and transforming infected routers, DVRs, and UPnP network devices into honeypots that help it find other targets to infect. The botnet, dubbed ZHtrap, is loosely based on Mirai’s source code and comes with support for x86, ARM, MIPS, and other CPU architectures. It uses a Tor command-and-control server to communicate with other botnet nodes and a Tor proxy to conceal malicious traffic. Once it takes over a device, it uses a process whitelist that allows only system processes that are already running, which prevents other malware from re-infecting its bots.
Source: https://www.bleepingcomputer.com/news/security/new-zhtrap-botnet-malware-deploys-honeypots-to-find-more-targets/