New Version of Stantinko Group Linux Proxy Trojan Masquerades as httpd
released on 2020-11-24 @ 09:13:45 PM
Researchers at Intezer have identified a new version of a Linux proxy trojan related to the Stantinko group, a group known for targeting Windows operating systems. The trojan, originally discovered by ESET, masquerades as httpd, the Apache HTTP Server, a program commonly used on Linux servers. The sample’s version is 2.17, and the older version is 1.2*. Intezer believes this malware is part of a broader campaign that takes advantage of compromised Linux servers.