New Linux botnet SSHStalker uses old-school IRC for C2 comms
This news article reports on a newly documented Linux botnet named SSHStalker, which uses the old-school IRC protocol for command-and-control (C2) communication. The botnet relies on classic IRC mechanics and prioritizes resilience and scale over stealth. It achieves initial access through automated SSH scanning and brute forcing, and once a host is compromised, it downloads GCC to compile payloads. The botnet features C-based IRC bots, cron jobs for persistence, and exploits for 16 CVEs targeting Linux kernel versions from 2009-2010. It also includes cryptomining kits and DDoS capabilities, though no such attacks have been observed yet.