A botnet that used the Tor anonymizing network has been spotted rearing its ugly head again. The Sefnit botnet, a.k.a. Mevade, is back with its original encrypted C&C model. Facebook's security team posted technical details this week of the throwback SSH version of the botnet. The botnet used Tor as a way to obfuscate its C&C traffic, and it allowed operators to drop larger files onto victim machines.
Source: https://www.darkreading.com/attacks-breaches/sefnit-botnet-swaps-tor-for-ssh

