Information Security Buzz

New Linux Botnet Exploiting Log4J, DNS Tunnelling Used To Conceal Comms Traffic


A new Linux botnet, named B1txor20, was found exploiting Log4J, targeting Linux systems and infecting dozens of vendors who are using the vulnerable Apache Log4j logging library. The botnet uses the exploit to steal sensitive information, install rootkits, create reverse shells and act as a web traffic proxy. What makes this bot unique is that it uses DNS tunnelling to conceal its communication traffic, an old but reliable technique.
