Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices

A Linux botnet malware known as XorDdos has seen a 254% surge in activity over the last six months, according to the latest research from Microsoft.
The trojan, so named for carrying out denial-of-service attacks on Linux systems and its use of XOR-based encryption for communications with its command-and-control server, is known to have been active since at least 2014.
"XorDdos' modular nature provides attackers with a versatile trojan capable of infecting a variety of Linux system architectures," Ratnesh Pandey, Yevgeny Kulakov, and Jonathan Bar Or of the Microsoft 365 Defender Research Team said in an exhaustive deep-dive of the malware.
Remote control over vulnerable IoT and other internet-connected devices is gained by means of secure shell (SSH) brute-force attacks, enabling the malware to form a botnet capable of carrying out distributed denial-of-service (DDoS) attacks.
Besides being compiled for ARM, x86, and x64 architectures, the malware is designed to support different Linux distributions, and it comes with features to siphon sensitive information, install a rootkit, and act as a vector for follow-on activities.
In recent years, XorDdos has targeted unprotected Docker servers with exposed ports, using victimized systems to overwhelm a target network or service with fake traffic in order to render it inaccessible.
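The SSH brute-force entry vector described above shows up in sshd authentication logs as a burst of failed passwords from one source, and the case worth escalating is a burst that ends in a successful login. The Python sketch below is an added example, not code from the original article or from Microsoft's research; the log lines, host name, addresses, threshold and time window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log (documentation IP ranges, hypothetical host "edge01").
SAMPLE_LOG = "\n".join(
    [f"May 20 03:14:{s:02d} edge01 sshd[811]: Failed password for root "
     f"from 203.0.113.7 port 40122 ssh2" for s in range(0, 12, 2)]
    + ["May 20 03:14:15 edge01 sshd[811]: Accepted password for root "
       "from 203.0.113.7 port 40130 ssh2",
       # A user mistyping a name twice, then logging in: must not be flagged.
       "May 20 09:01:02 edge01 sshd[902]: Failed password for invalid user alcie "
       "from 198.51.100.23 port 51514 ssh2",
       "May 20 09:01:09 edge01 sshd[902]: Failed password for invalid user alcie "
       "from 198.51.100.23 port 51514 ssh2",
       "May 20 09:01:20 edge01 sshd[902]: Accepted password for alice "
       "from 198.51.100.23 port 51520 ssh2"])

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=5), year=2022):
    """Flag source IPs with >= threshold failed logins inside `window`, and
    record the account if a password login then succeeds from the same IP."""
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    findings = {}                  # ip -> {"failures": n, "compromised_user": ...}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= threshold:
                hit = findings.setdefault(ip, {"failures": 0, "compromised_user": None})
                hit["failures"] = max(hit["failures"], len(failures[ip]))
        elif ip in findings and ts - failures[ip][-1] <= window:
            # Success right after a flagged burst: treat the account as compromised.
            findings[ip]["compromised_user"] = m["user"]
    return findings

if __name__ == "__main__":
    for ip, hit in find_bruteforce(SAMPLE_LOG).items():
        print(ip, hit)
```

A source flagged with a non-empty `compromised_user` calls for incident response on that host rather than just a firewall block, since the guessed password worked.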
News URL
https://thehackernews.com/2022/05/microsoft-warns-rise-in-xorddos-malware.html