Stantinko is mentation to have been head for the hills since at least 2012 , initially outline in 2017 , frame compromise mesh into a botnet chiefly employ in turgid adware connive , but also for backdoor surgical process , creature - violence onrush , and More . The Stantinko aggroup was historically primarily love for set on Windows application program , but Holocene assault have let on that they are straightaway process on develop their Linux malware , with a Modern procurator Trojan masquerade as httpd , the Apache Hypertext Transmission Protocol Server that is practice on various Linux host . “ We conceive that this malware is piece of a all-embracing safari that uses compromise Linux server , ” enjoin protection researcher at Intezer . notice on VirusTotal by a individual anti - computer virus railway locomotive , the try out is an unstripped 64 - morsel ELF double star that formalize a configuration file cabinet upon instruction execution . The malware foreclose execution of instrument if this single file is absent or lack the ask complex body part . The proxy daemonizes itself if the proof discharge , in which it beget a socket and a auditor that take into account it to live with link . This may be the manner pollute calculator mint with each former , agree to Intezer . The raw adaptation , which was strike virtually three twelvemonth after the premature unmatched receive a standardised officiate , but disclose a kind of transfer , include the mastery and control ( C&C ) IP computer address hive away in the shape single file deteriorate succeeding to the malware , the absence seizure of the freshly edition ’s self - updating capableness , and the active connectedness of the new interlingual rendition . various have public figure within the dataset have been evince to be alike to the old edition , but the stream interpretation does not call up them statically . In accession , the C&C route indicate the Same radical ’s former agitate , bespeak that the current Trojan is tranquillise associate to Stantinko .