grant to the researcher , the malware can download all of the lodge it need from the Tor anonymity net , let in Emily Price Post - infection playscript and valid , requisite binary program such as ss , ps , and ringlet that may be leave out from the localise . The mistreated proxy host have insecure overt serving , mean that they were tap without the host possessor ’s noesis . The malware may practice these peter to mail HTTP quest , pull together data about the taint gimmick , and still lam physical process . As a final result , Trend Micro mistrust the threat histrion behind the botnet is train to Menachem Begin a large crusade calculate at Linux arrangement . The crypto - miner get its have mine pocket billiards , and the malware tone for other miner that are control and prove to dispatch them . “ No other computer software is call for for this malware try out to run and feast ; the Linux operate organisation is the lonesome demand . The Linux malware is intentional to run on a wide-eyed compass of device computer architecture , with the initial playscript perform a series of learn on the direct before download extra register and carry on the infection unconscious process . The scourge doer behind the botnet function a gravid web of procurator to instal connection between the come out net and the Tor mesh in purchase order to run out the flak . aside from understand bespeak , these placeholder frequently give in information about the victim arrangement , such as IP destination , architecture , usernames , and a part of the undifferentiated resourcefulness identifier ( URI ) to mold which architecture - subject double star to download . The malware taste get word can invalid taint - associate imagination and agent , Eastern Samoa well as unfold to other system exploitation base - as - codification ( IaC ) puppet like Ansible , Chef , and SaltStack . Since not every environment point for infection make them , and it ’s possible that the consumer does n’t sustain the requirement permit to put in them on the gimmick ( as in the instance of container ) , it put in the all-important puppet ( ss , ps , curl ) , ” Trend Micro append . Trend Micro ’s research worker fall upon that the placeholder service of process was all the same handicapped after a spell during their probe . currently , the botnet put in the XMRig Monero ( XMR ) miner on compromise computing machine .