All malware strains are trojanized versions of the OpenSSH server or client apps that include keylogger and backdoor capabilities.
....
....
Over the past decade, the number of malware families targeting Linux has grown, but the total number of threats is still orders of magnitude
under the malware numbers reported attacking Windows systems.
...
...
In a report published yesterday by cyber-security firm ESET, the company details 21 "new" Linux malware families. All operate in the same manner, as trojanized versions of the OpenSSH client.
They are developed as second-stage tools to be deployed in more complex "botnet" schemes. Attackers would compromise a Linux system, usually a server, and then replace the legitimate OpenSSH installation with one of the trojanized versions.
ESET said that "18 out of the 21 families featured a credential-stealing feature, making it possible to steal passwords and/or keys" and "17 out of the 21 families featured a backdoor mode, allowing the attacker a stealthy and persistent way to connect back to the compromised machine."