Linux malware is on the rise. Here are three top threats right now

Linux-based systems are everywhere and are a core part of the internet infrastructure, but it’s low-powered Internet of Things (IoT) devices that have become the main target for Linux malware.

With billions of internet-connected devices like cars, fridges and network devices online, IoT devices have become a prime target for certain malware activity — namely distributed denial of service (DDoS) attacks, where junk traffic aims to flood a target and knock it offline.

Security vendor CrowdStrike says in a new report that the most prevalent Linux-based malware families in 2021 were XorDDoS, Mirai and Mozi, which collectively accounted for 22% of all Linux-based IoT malware that year. These were also a main driver of malware targeting all Linux-based systems, which grew 35% in 2021 compared with 2020. 

Mozi, which emerged in 2019, is a peer-to-peer botnet that uses the distributed hash table (DHT) — a lookup system — and relies on weak Telnet passwords and known vulnerabilities to target networking devices, IoT, and video recorders, among other internet-connected products. The use of DHT allows Mozi to hide its command and control communication behind legitimate DHT traffic. There were 10 times more Mozi samples in 2021 compared to 2021, CrowdStrike notes.

XorDDoS, a Linux botnet for large scale
