“This is an active campaign in which the attacker leverages SSH for remote access, running malicious scripts that stealthily enlist victim servers into a P2P proxy network, such as Peer2Profit or Honeygain,” Akamai researcher Allen West said.