For those who want a tl;dr: spread via unknown trojanized application(s), and the rootkit targets Linux 3.10 (released 2013) and 2.6 (even older). Oh, and the C2 servers have been shut down already.
Surprising, however, that apparently it took until 2020 to discover, even though it's based on an 8 year old rootkit project.
Surprising, however, that apparently it took until 2020 to discover, even though it's based on an 8 year old rootkit project.