A major botnet operation has been attacking and taking over the web shells (backdoors on web servers) of other malware operations for more than a year, security researchers from Positive Technologies have revealed. Researchers linked the botnet to a former Windows trojan named Neutrino (also known as Kasidet), whose operators appear to have shifted from targeting desktop users to online servers, on which they install a cryptocurrency-mining malware.

Once they are established, botnets are often used as a proxy to conduct attacks. It\’s very common for them to be rented out, as part of the cybercrime-as-a-service economy, for credential stuffing and DDoS. During idle time they are used for crypto-mining.
To protect themselves, businesses need to think about hybrid threats, as these botnets provide a wide range of access points from residential origins and can’t be easily blocked.