Security News > 2022 > May > Microsoft detects massive surge in Linux XorDDoS malware activity
A stealthy and modular malware used to hack into Linux devices and build a DDoS botnet has seen a massive 254% increase in activity during the last six months, as Microsoft revealed today.
XorDDoS is known for targeting a multitude of Linux system architectures, from ARM to x64, and compromising vulnerable ones in SSH brute-force attacks.
"We found that devices first infected with XorDdos were later infected with additional malware such as the Tsunami backdoor, which further deploys the XMRig coin miner," Microsoft added.
The huge boost in XorDDoS activity Microsoft detected since December lines up with a report by cybersecurity firm CrowdStrike, which said that Linux malware had seen a 35% growth during 2021 compared to the previous year.
XorDDoS, Mirai, and Mozi were the most prevalent families, accounting for 22% of all malware attacks targeting Linux devices observed in 2021.
Of the three, CrowdStrike said that XorDDoS saw a notable year-over-year increase of 123%, while Mozi saw explosive growth in activity, with ten times more samples detected in the wild throughout last year.