A new financially motivated campaign is actively targeting vulnerable SSH servers to covertly ensnare them in a proxy network. According to researchers, the attackers leverage SSH for remote access, thus running malicious scripts that stealthily enlist victim servers into a peer-to-peer (P2P) proxy network.

Source: Heimdal Security Blog