Pinkslipbot banking Trojan is a banking Trojan that uses a complicated multistage proxy for HTTPS-based control server communication. The malware uses universal plug and play (UPnP) to open ports, allowing incoming connections from anyone on the Internet to communicate with the infected machine. This technique allows masquerading the IP address of the real C&C server. Infected machines at the first level of proxy use the libcurl library to pass information to the second-layer which then route the traffic to the real C &C servers.”]
Source: http://securityaffairs.co/wordpress/60233/malware/pinkslipbot-banking-trojan.html