ESET has discovered 21 new malware families affecting Linux


Linux is a more secure operating system than Windows, but even Linux is not immune to malware.

Over time, the number of malware families targeting Linux has grown. While the number of Linux attacks still isn’t anywhere near the number of malware attacks on Windows systems, cyber-security firms still need to keep an eye on Linux threats.

ESET did just that, and they’ve published a report that details 21 newly discovered Linux malware families. All of the malware strains operate in the same manner, as they’re all trojanized versions of the OpenSSH client.

The malware strains are developed as second-stage tools that are meant to be deployed in more complex “botnet” schemes. Attackers use them by first compromising a Linux system, usually a server, and then replacing the legitimate OpenSSH installation with one of the trojanized OpenSSH versions.
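Because these families work by replacing the legitimate OpenSSH binaries, a defender can compare the installed files against a known-good hash baseline. The script below is an added example, not taken from ESET's report or this article; the sha256sum-style manifest format and the demo file names are assumptions, and the baseline is assumed to come from a trusted package and to be stored off the host.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex>  <path>' or '<hex> *<path>') into {path: hex}."""
    baseline = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, path = line.split(None, 1)
        baseline[path.lstrip("*")] = digest.lower()
    return baseline

def audit(baseline):
    """Return {path: status}; status is 'ok', 'MODIFIED' or 'MISSING'."""
    report = {}
    for path, expected in baseline.items():
        if not os.path.isfile(path):
            report[path] = "MISSING"
        elif sha256_file(path) != expected:
            report[path] = "MODIFIED"
        else:
            report[path] = "ok"
    return report

def demo():
    """Constructed demo: stand-in 'ssh' and 'sshd' files, one swapped after baselining."""
    with tempfile.TemporaryDirectory() as d:
        ssh, sshd = os.path.join(d, "ssh"), os.path.join(d, "sshd")
        for p, body in ((ssh, b"clean ssh"), (sshd, b"clean sshd")):
            with open(p, "wb") as f:
                f.write(body)
        manifest = "\n".join(f"{sha256_file(p)}  {p}" for p in (ssh, sshd))
        with open(ssh, "wb") as f:  # simulate the binary being replaced on disk
            f.write(b"replaced ssh")
        return audit(parse_manifest(manifest)), ssh, sshd

if __name__ == "__main__":
    for path, status in sorted(demo()[0].items()):
        print(f"{status:8} {path}")
```

On a real host the manifest would list the actual OpenSSH binaries, and the check should run from trusted tooling, since an attacker with root on the machine can also tamper with local checksum databases.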

ESET found that “18 out of the 21 families featured a credential-stealing feature, making it possible to steal passwords and/or keys” and “17 out of the 21 families featured a backdoor mode, allowing the attacker a stealthy and persistent way to connect back to the compromised machine.”

ESET has released a 53-page report detailing each of the 21 strains that they discovered. Some of the malware strains are very simple, but some are also quite complex, most likely being the work of experienced malware developers.

Most Linux users should be safe from these attacks.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648