Sefnit malware returns
Posted by: Timothy Weaver on 04/30/2014 03:04 PM
A malware infection known as Sefnit has resurfaced with a few new twists.
Sefnit was noted for its use of the Tor anonymising network as a means of avoiding detection. It was associated with click fraud and bitcoin mining activities in 2013. At that time, the malware was using the Tor network to hide its command and control servers.
Now it is back, but it is not using the Tor network. Instead, it establishes direct connections to one or more command and control servers via a secure Plink connection. Researchers listed thirty domains which have already been associated with the malware infections.