Researchers at Zscaler who recently analyzed the threat described DreamBus as a modular piece of malware targeting Linux applications running on hardware systems with powerful CPUs and large amounts of memory. The DreamBus botnet that has been assembled from systems the malware has compromised is currently being used to deploy the XMRig CPU miner to mine Monero cryptocurrency. But the same malware can be easily repurposed to deliver other more dangerous payloads, such as ransomware and malware, for stealing and holding data at ransom, says Brett Stone-Gross, director of threat intelligence at Zscaler. "DreamBus can deploy arbitrary modules and execute arbitrary commands on a remote system," he says. "Given the prevalence of the software applications that are targeted and the aggressive worm-like spreading techniques, the number [of compromised systems is] likely in the tens of thousands."