Security News > 2022 > May > Microsoft detects massive surge in Linux XorDDoS malware activity
A stealthy and modular malware used to hack into Linux devices and build a DDoS botnet has seen a massive 254% increase in activity during the last six months, as Microsoft revealed today.
XorDDoS is known for targeting a multitude of Linux system architectures, from ARM to x64, and compromising vulnerable ones in SSH brute-force attacks.
"We found that devices first infected with XorDdos were later infected with additional malware such as the Tsunami backdoor, which further deploys the XMRig coin miner," Microsoft added.
The huge boost in XorDDoS activity Microsoft detected since December lines up with a report by cybersecurity firm CrowdStrike which said that Linux malware had seen a 35% growth during 2021 compared to the previous year.
XorDDoS, Mirai, and Mozi were the most prevalent families, accounting for 22% of all malware attacks targeting Linux devices observed in 2021.
Of the three, CrowdStrike said that XorDDoS saw a notable year-over-year increase of 123%, while Mozi had an explosive activity growth, with ten times more samples detected in the wild throughout last year.
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Researchers discover first UEFI bootkit malware for Linux (source)
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems (source)
- New stealthy Pumakit Linux rootkit malware spotted in the wild (source)
- Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)