Attackers have been seen running a number of proxyjacking operations against vulnerable SSH servers. They make money from the compromised servers through proxyware services that pay for the use of spare internet bandwidth. Using SSH for remote access and malicious scripts, the attackers secretly enroll victim servers in a peer-to-peer (P2P) proxy network such as Peer2Profit or Honeygain.
After connecting successfully to one of the susceptible SSH servers, the attackers used a Base64-encoded Bash script. This script added the infected systems to Honeygain's or Peer2Profit's proxy network.
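A defender can look for this pattern in recorded command lines (for example from shell or audit logs) by decoding Base64-looking arguments and checking whether the payload is a shell script or names the proxyware services mentioned above. The following is an added detection example, not code from the attackers or from the original report; the function names, thresholds and sample command lines are constructed assumptions.

```python
import base64
import re

# Proxyware names come from the article; everything else here is an assumption.
PROXYWARE_NAMES = ("honeygain", "peer2profit")
# A run of Base64 alphabet long enough to carry a script rather than a word.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def decode_candidates(command_line):
    """Yield readable text decoded from each Base64-looking run."""
    for run in B64_RUN.findall(command_line):
        padded = run + "=" * (-len(run) % 4)
        try:
            text = base64.b64decode(padded, validate=True).decode("utf-8")
        except ValueError:
            continue  # invalid Base64, or decoded bytes are not UTF-8 text
        readable = sum(ch.isprintable() or ch in "\n\t" for ch in text)
        if text and readable / len(text) > 0.9:  # drop control-character noise
            yield text


def flag_command(command_line):
    """Return one finding per decoded payload that is a script or names proxyware."""
    findings = []
    for text in decode_candidates(command_line):
        lowered = text.lower()
        names = [n for n in PROXYWARE_NAMES if n in lowered]
        is_script = lowered.lstrip().startswith("#!")
        if names or is_script:
            findings.append({"shell_script": is_script, "proxyware": names})
    return findings


def scan(commands):
    """Map the index of each suspicious command line to its findings."""
    return {i: f for i, c in enumerate(commands) if (f := flag_command(c))}


def encode_sample(text):
    """Helper used only to build the constructed samples below."""
    return base64.b64encode(text.encode()).decode()


# Constructed, harmless sample command lines (not taken from any real incident).
SAMPLE_COMMANDS = [
    "ls -la /var/log",
    "echo " + encode_sample("#!/bin/bash\n# constructed\necho honeygain\n") + " | base64 -d | bash",
    "echo " + encode_sample("weekly backup finished without errors") + " | base64 -d",
]

if __name__ == "__main__":
    print(scan(SAMPLE_COMMANDS))
```

Only the second sample is flagged: the third also decodes cleanly, but it is neither a script nor a proxyware reference, which keeps ordinary Base64 use out of the alert queue.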