Linux Malware To Watch Out For in 2022

Linux attacks are prevalent, and it's important to know what you are up against so you can prepare for them. Linux attacks can be carried out through a variety of methods, including the Internet, local access, and spoofed IP addresses.


The majority of Linux attacks occur through the Internet. Many of these attacks come from poorly configured or malicious web applications. Attacks can occur when script code is injected into the vulnerable web application.

Linux systems are widely deployed by enterprises and individuals. Many of these users and companies rely on open source software, which can be prone to malicious attack.

Furthermore, as Linux malware becomes more diverse, it becomes more important to be aware of the common attacks you might encounter. What are they?

Cryptojacking

This is a very popular type of Linux malware because it produces money quickly. It uses the victim's computational resources to generate cryptocurrency for an attacker. It has become even more prevalent with XMRig and Sysrv.

To target victims, cybercriminals use lists of default passwords, bash exploits or exploits that intentionally target misconfigured systems with weak security.

XorDDoS, Mirai, and Mozi

XorDDoS, Mirai, and Mozi are three malware families that follow the same pattern of infecting devices, amassing them into a botnet, and using them for DDoS attacks.

Mirai compromises devices over Telnet and Secure Shell (SSH) and is the common ancestor of many Linux DDoS malware strains, which continue to evolve.
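The default-password guessing over SSH described above leaves a recognizable trail in the sshd authentication log. The following is an added example, not code from the original article: it flags sources that fail repeatedly and marks any that then log in successfully. The log lines, host name, and failure threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of sshd auth log lines (documentation IP ranges, made-up host).
SAMPLE_LOG = """\
May 10 03:14:01 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 40022 ssh2
May 10 03:14:03 web01 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40030 ssh2
May 10 03:14:05 web01 sshd[2105]: Failed password for invalid user ubnt from 203.0.113.7 port 40041 ssh2
May 10 03:14:08 web01 sshd[2107]: Failed password for root from 203.0.113.7 port 40055 ssh2
May 10 03:14:11 web01 sshd[2109]: Accepted password for root from 203.0.113.7 port 40061 ssh2
May 10 08:30:12 web01 sshd[3300]: Failed password for alice from 198.51.100.20 port 51515 ssh2
May 10 08:30:20 web01 sshd[3302]: Accepted password for alice from 198.51.100.20 port 51517 ssh2
May 10 09:02:44 web01 sshd[3410]: Failed password for invalid user pi from 192.0.2.99 port 33001 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyze(log_text, fail_threshold=3):
    """Return {ip: finding} for sources that look like password guessing.

    finding["compromised"] is True when a login succeeded after the source
    had already reached the failure threshold (assumed value, tune per site).
    """
    fails = defaultdict(int)
    users = defaultdict(set)
    findings = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not a password-auth event
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            fails[ip] += 1
            users[ip].add(user)
            if fails[ip] >= fail_threshold:
                hit = findings.setdefault(ip, {"compromised": False})
                hit["failures"] = fails[ip]
                hit["users"] = sorted(users[ip])
        elif fails[ip] >= fail_threshold:
            # Success from a source that was already guessing: treat as an incident.
            findings[ip]["compromised"] = True
            findings[ip]["login_as"] = user
    return findings

if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE_LOG).items():
        print(ip, finding)
```

A single mistyped password followed by a success (the alice lines) stays below the threshold and is not reported.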

Another is XorDDoS, which rose significantly in the last six months. It uses variants of itself compiled for ARM, x86, and x64 Linux architectures for a successful infection.

Finally, Mozi blocks SSH and Telnet ports and creates a peer-to-peer botnet network. It uses the Distributed Hash Table (DHT) system to hide its communication with the command-and-control server behind legitimate DHT traffic.


Windows Subsystem for Linux (WSL)

Malware can also exploit Windows machines through the WSL, which lets Linux binaries run natively on Windows. So far, the techniques that have been found in use are proxying execution and installing utilities.

Companies can protect their systems by disabling virtualization and the ability to install WSL. It also helps to audit running processes regularly.

Protect Against Malware

Linux is a powerful, stable and flexible operating system, but this doesn't mean your system is invulnerable to malware, even if you are running a non-Windows system. You can protect your systems against malware with these tips:

  • Keep your system up to date with patches
  • Enable automatic updates for the operating system and applications
  • Use anti-malware and anti-virus programs
  • Enable two-factor authentication
  • Use a firewall
  • Install Linux security software

These tips will help minimize the risks associated with running Linux systems.


This article is owned by TechTimes

Written by April Fowell
