Security News > 2024 > May > Ebury botnet malware infected 400,000 Linux servers since 2009
A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023.
"While 400,000 is a massive number, it's important to mention that this is the number of compromises over the course of almost 15 years. Not all of those machines were compromised at the same time," explains ESET. "There is a constant churn of new servers being compromised while others are being cleaned up or decommissioned. The data at our disposal doesn't indicate when the attackers lost access to the systems, so it's difficult to know the size of the botnet at any specific point in time."
Recent Ebury attacks show that the operators prefer to breach hosting providers and carry out supply chain attacks against clients renting virtual servers from the compromised provider.
In cases where servers host cryptocurrency wallets, Ebury uses the captured credentials to empty the wallets automatically.
ESET says Ebury targeted at least 200 servers using this method throughout 2023, including Bitcoin and Ethereum nodes.