CenturyLink Threat Research Labs observed a new evolution for the TheMoon IoT botnet, operators added a previously undocumented module that allows them to offer it with a malware-as-a-service model. TheMoon botnet was first spotted in 2014, and since 2017 its operators added to the code of the bot at least 6 IoT device exploits. The new module was deployed on MIPS devices and allows operators to abuse infected devices as a SOCKS5 proxy and offer a network proxy as a service.”]
Source: https://securityaffairs.co/wordpress/80603/malware/themoon-botnet-service.html