Malware masquerades as HTTPd, a commonly used program on Linux servers. ESET observed a Linux trojan proxy deployed via malicious binaries on compromised servers. New version of the malware belongs to threat actor tracked as Stantinko, an adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012. Researchers say the new variant shares several function names with the old version and that some hardcoded paths bear similarities to previous Stantinkso campaigns.
Source: https://thehackernews.com/2020/11/stantinko-botnet-now-targeting-linux.html