Linux servers are being infected with a dangerous new malware
Failure to stay on top of security increases Linux exposure to malware, experts warn
Cybersecurity firm AhnLab’s Security Emergency response Center (ASEC) has uncovered an attack against “inadequately managed” Linux SSH servers whereby malware is being installed and spread.
Most notable has been the installation of a Tsunami DDoS Bot, but ShellBot, XMRig CoinMiner, and Log Cleaner malware have also all been spotted.
Because Tsunami’s source code is publicly available, it has been used in numerous attacks against IoT devices and is often seen deployed alongside Mirai and Gafgyt, though Tsunami attacks on Linux servers are just as common.
Linux servers are being attacked by multiple malware
AhnLab says that the Secure Shell (SSH) service is prone to poor management, which makes it a perfect opportunity for threat actors to exploit. SSH enables admins to log in remotely and control the system, but cyberattackers can also gain unauthorized access through brute force or a dictionary attack.
Alongside the DDoS bot that allows the execution of additional malicious commands, the CoinMiner can be especially detrimental to the performance of a machine as it gets to work mining for Monero.
The Log Cleaner also serves an important purpose in the attack, as it helps wipe away evidence of the intrusion, making it harder for victims to identify that their machine has been targeted.
While the consequences can be painful for IT admins, there are a few really simple steps that AhnLab highlights which can be taken to protect Linux servers from such attacks.
Just like with any account, the cybersecurity firm recommends regularly changing the password, which it says will help “protect the Linux server from brute force attacks and dictionary attacks.” Users should also frequently check for updates and patches, even with automatic updates enabled, to be able to iron out any bugs and vulnerabilities along the way.
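The brute-force and dictionary logins described above leave a recognisable trace in the sshd authentication log: a run of failed passwords from one source, sometimes ending in an accepted one. The following Python check is an added example, not code from AhnLab or this article; the log lines, addresses and the threshold of three failures are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (documentation address ranges), not from the article.
SAMPLE_LOG = """\
Jun 20 03:12:01 web01 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jun 20 03:12:03 web01 sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jun 20 03:12:04 web01 sshd[2104]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Jun 20 03:12:09 web01 sshd[2104]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Jun 20 03:12:10 web01 sshd[2107]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jun 20 03:12:12 web01 sshd[2109]: Failed password for invalid user test from 203.0.113.5 port 51244 ssh2
Jun 20 03:12:14 web01 sshd[2111]: Failed password for root from 203.0.113.5 port 51248 ssh2
Jun 20 03:12:17 web01 sshd[2113]: Accepted password for root from 203.0.113.5 port 51250 ssh2
Jun 20 03:20:31 web01 sshd[2140]: Failed password for invalid user oracle from 192.0.2.44 port 33010 ssh2
Jun 20 03:20:33 web01 sshd[2142]: Failed password for invalid user pi from 192.0.2.44 port 33012 ssh2
Jun 20 03:20:35 web01 sshd[2144]: Failed password for invalid user ubuntu from 192.0.2.44 port 33014 ssh2
"""

# OpenSSH password-authentication result lines, with or without "invalid user".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyze(log_text, threshold=3):
    """Report sources with >= threshold failed passwords and any login that followed."""
    failures = defaultdict(int)
    users = defaultdict(set)
    breached = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users[ip].add(user)
        elif failures[ip] >= threshold and ip not in breached:
            # Accepted password after a burst of failures: likely a guessed credential.
            breached[ip] = user
    return {
        ip: {"failures": n, "users_tried": sorted(users[ip]),
             "login_after_failures": breached.get(ip)}
        for ip, n in failures.items() if n >= threshold
    }

if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(ip, info)
```

Because the attackers also install a Log Cleaner, a check like this is more reliable when run against logs forwarded off the host than against the server's local copy.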