The linux-based malware Rex has not yet spread to an alarming number of users nor is that dangerous as initially thought. What has been revealed so far is that it is a malware with 150 zombie-computers (bots) under its possession worldwide.

Initially the security researchers who begun its analysis last May, believed that the Rex was a ransomware that exploited Drupal websites’ vulnerabilities, in order to encrypt their files and then demanded liters for their decryption.

A more thorough analysis, however, which was completed during the summer, revealed that the malware, during its initial infections in computing systems had many different functions. It was able to carry out DDoS attacks (distributed denial of service attacks), to use the power of computer systems that violate the crypto-currency production as Bitcoins, BlackCoins, Dash etc., to communicate with partner bots through the DHT protocol P2P, and to reproduce itself in any other device possible.

Security researchers inform that the malware creator team aimed to penetrate into computer systems rather than create a botnet conducting DDoS-type attacks. Attackers exploited vulnerabilities in Drupal and WordPress and Magento based websites, as well as applications such Exagrid, Apache Jetspeed and AirOS home routers.

Of course both the malware Rex as well as its functionality are evolving day by day by its creators for the purpose of further spreading the virus.

Source: https://secnews.gr/149747/αλήθεια-πίσω-από-επικίνδυνο-rex-botnet/