ESET discovers 21 new Linux malware families

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
All malware strains are trojanized versions of the OpenSSH server or client apps that include keylogger and backdoor capabilities.
....
....
Over the past decade, the number of malware families targeting Linux has grown, but the total number of threats is still orders of magnitude below the malware numbers reported attacking Windows systems.
...
...
In a report published yesterday by cyber-security firm ESET, the company details 21 "new" Linux malware families. All operate in the same manner, as trojanized versions of the OpenSSH client.
They are developed as second-stage tools to be deployed in more complex "botnet" schemes. Attackers would compromise a Linux system, usually a server, and then replace the legitimate OpenSSH installation with one of the trojanized versions.

ESET said that "18 out of the 21 families featured a credential-stealing feature, making it possible to steal passwords and/or keys" and "17 out of the 21 families featured a backdoor mode, allowing the attacker a stealthy and persistent way to connect back to the compromised machine."
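The report describes the attackers swapping the legitimate OpenSSH binaries for trojanized builds. One defender-side check for that swap, added here as an example and not code from the ESET report or this thread, compares the installed sshd and ssh binaries against the md5sums manifest that dpkg records for the package (the constructed files and manifest in demo() are assumptions for the demonstration):

```python
"""Check OpenSSH binaries against a dpkg-style md5sums manifest (added example,
not code from the ESET report or this thread). The manifest format is what dpkg
writes to /var/lib/dpkg/info/<package>.md5sums: "<md5hex>  <path relative to />".
A binary swapped for a trojanized build no longer matches. demo() uses constructed files."""
import hashlib
import tempfile
from pathlib import Path

OPENSSH_BINARIES = ("usr/sbin/sshd", "usr/bin/ssh")  # server and client side

def parse_md5sums(text):
    """Parse manifest lines into {relative_path: md5hex}; reject malformed lines."""
    manifest = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, sep, path = line.partition("  ")
        if not sep or len(digest) != 32 or not path.strip():
            raise ValueError(f"malformed md5sums line: {line!r}")
        manifest[path.strip()] = digest.lower()
    return manifest

def md5_of_file(path):
    """MD5 because that is what the dpkg manifest records, not a crypto choice."""
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def verify_openssh(manifest, root="/", names=OPENSSH_BINARIES):
    """Return {relative_path: "ok" | "modified" | "missing" | "unlisted"}."""
    results = {}
    for rel in names:
        full = Path(root) / rel
        if rel not in manifest:
            results[rel] = "unlisted"  # the package manifest does not cover it
        elif not full.is_file():
            results[rel] = "missing"
        else:
            results[rel] = "ok" if md5_of_file(full) == manifest[rel] else "modified"
    return results

def demo():
    """Constructed scenario: sshd replaced after install, ssh left intact."""
    root = Path(tempfile.mkdtemp())
    genuine = {"usr/sbin/sshd": b"genuine sshd", "usr/bin/ssh": b"genuine ssh"}
    for rel, data in genuine.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)
    text = "\n".join(f"{hashlib.md5(d).hexdigest()}  {p}" for p, d in genuine.items())
    (root / "usr/sbin/sshd").write_bytes(b"trojanized sshd")  # simulates the swap
    return verify_openssh(parse_md5sums(text), root=root)
```

The manifest on a live host sits in the dpkg database, which an intruder with root can rewrite too, so compare against the digest list from a freshly downloaded copy of the package or use the distribution's own verifier (`dpkg --verify`, `rpm -V`). Either way the recorded digests must predate the compromise to mean anything.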
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Nothing is safe, now Linux users will learn what is fear.
Not home users. If someone is running a Linux server that is a high-value target, he should already be afraid. But Linux home users are and will continue to be relaxed.

last line of article: "Unless Linux owners go out of their way to misconfigure their servers, for convenience's sake, they should be safe from most of these attacks."
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
Nothing is safe, now Linux users will learn what is fear.
Dream on, haha.


In addition, the post is missing the point that home users are not affected.
Attackers would compromise a Linux system, usually a server, and then replace the legitimate OpenSSH installation with one of the trojanized versions.
You first have to go to the ZDNet page to find out. If you copy articles, @LASER_oneXM, then please copy them correctly, without falsifying them.

Home PCs are usually not open to the Internet for it to compromise them. With servers it looks different, because there certain ports like 22 are open. But that's no problem if you use Fail2Ban, which the majority does.
Well, actually nobody is affected by it, but still a big wave is made out of it. You shouldn't post such news in a forum like this, where half the people don't feel safe until they use three realtime scanners.
 

Eddie Morra

If you copy articles, @LASER_oneXM, then please copy them correctly, without falsifying them.
@LASER_oneXM did not falsify the news article; he merely snipped pieces out to prevent the original post from literally being a news article rip from the official report. The "..." is there as an indicator that there are missing parts that can be viewed by going to the official news report.

The official URL is linked to at the top of the thread and it is there for a reason, so people can view the full news report if they care enough to read the full thing.
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
@LASER_oneXM did not falsify the news article, he merely snipped pieces out to prevent the original post from literally being a news article rip from the official report.

The post of @LASER_oneXM gives me the impression that it has summarized everything important. But that is not the case. This has led @Umbra to write that "Linux users" will learn fear. However, the use of "server owners using Linux" would be much more appropriate.
In my opinion, he should have cut out other parts (or preferably nothing).
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
If you copy articles, @LASER_oneXM, then please copy them correctly, without falsifying them.
I agree with @Eddie Morra on this. Even I post news from time to time, and sure, it's copied, but please try to understand that each and every new post in the news section is under moderation approval before it's allowed. Also, if for an actual reason any post here on MT is actually false or directly incorrect, I do advise people to use the report option.

In the time I have been a member here on MT, I have never seen member @LASER_oneXM intentionally post anything false. The posting technique @LASER_oneXM uses is, as I understand it, made to invite people to use the original source link, and it's clearly also following MT's rule:
do not copy and paste entire articles or web pages.
Forum Rules
 

Deleted member 178

@askalan, no need to dream; it is already happening. The number of attacks on Linux has increased since people moved from Win10.

A few years ago, you could count around 40 pieces of Linux malware; now there are many more.
The more popular Linux becomes, the more interested malcoders will become.

I laugh at those noobs who think an OS won't be touched by malware.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Linux home users don't use realtime malware protection, because they don't need it. The users who are really paranoid scan their downloads with ClamAV for Linux.
Malware for Linux home users does exist, but it is very hard to get infected by it. If anyone is aware of active malware campaigns in the wild that target Linux home users, please post. My impression is that you can try all day long to get infected on a Linux box, but you won't succeed.
 

Black Wings

Level 3
Verified
Well-known
Aug 20, 2018
126
Is Linux safe for home users? Yes, but every day a little less. If you use the internet to visit sites and download whatever content, and you do it without security extensions, without firewall rules, without virtualized environments, it will be a matter of time before your computer gets infected.

I still trust in Penguin God and his protection, but I'm sure that in the end, using an antivirus will not be a paranoid eccentricity.
 

Deleted member 178

Linux home users don't use realtime malware protection, because they don't need it. The users who are really paranoid scan their downloads with ClamAV for Linux.
Paranoids on Linux use AppArmor. That is why they don't need scanners.
Uber paranoids use Qubes.


Malware for Linux home users does exist, but it is very hard to get infected by it. If anyone is aware of active malware campaigns in the wild that target Linux home users, please post. My impression is that you can try all day long to get infected on a Linux box, but you won't succeed.
Linux Mint with a backdoor (like CCleaner).
Various exploits or RATs.
Just Google.

You just started using Linux; don't be too confident.
Attacks on Linux are not the simple ones seen on Windows; because Linux users are usually more skilled and aware, attacks are more sophisticated and stealthy.
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Attacks on Linux are not the simple ones seen on Windows; because Linux users are usually more skilled and aware, attacks are more sophisticated and stealthy.
This could not be more true. My advice for anyone new to Linux now would be to stay alert and keep an ear to the ground where Linux is concerned; it is a hot target now for malware devs.
 
