Linux malware sees 35% growth during 2021


Level 84
Thread author
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
The number of malware infections targeting Linux devices rose by 35% in 2021, most commonly to recruit IoT devices for DDoS (distributed denial of service) attacks.
IoTs are typically under-powered "smart" devices running various Linux distributions and are limited to specific functionality. However, when their resources are combined into large groups, they can deliver massive DDoS attacks to even well-protected infrastructure.
Besides DDoS, Linux IoT devices are recruited to mine cryptocurrency, facilitate spam mail campaigns, serve as relays, act as command and control servers, or even act as entry points into corporate networks.

A Crowdstrike report looking into the attack data from 2021 summarizes the following:
  • In 2021, there was a 35% rise in malware targeting Linux systems compared to 2020.
  • XorDDoS, Mirai, and Mozi were the most prevalent families, accounting for 22% of all Linux-targeting malware attacks observed in 2021.
  • Mozi, in particular, had explosive growth in its activity, with ten times more samples circulating in the wild the year that passed compared to the previous one.
  • XorDDoS also had a notable year-over-year increase of 123%.


Level 37
Top poster
Feb 4, 2016
With billions of internet-connected devices like cars, fridges and network devices online, IoT devices have become a prime target for certain malware activity — namely distributed denial of service (DDoS) attacks, where junk traffic aim to flood a target and knock them offline.

Security vendor CrowdStrike says in a new report that the most prevalent Linux-based malware families in 2021 were XorDDoS, Mirai and Mozi, which collectively accounted for 22% of all Linux-based IoT malware that year. These were also a main driver of malware targeting all Linux-based systems, which grew 35% in 2021 compared with 2020.
  • Like
Reactions: Gandalf_The_Grey