Linux powers many cloud infrastructures today. However, it is not immune to threats and risks. We discuss several pressing security issues, including malware and vulnerabilities, that compromise Linux systems in the first half of 2021.
Threat actors are targeting Linux servers with vulnerable software, namely the project management tool Jira and the message transfer agent Exim, using a variant of the Watchbog trojan, which drops a Monero miner to expand their botnet.
A ransomware family was recently spotted targeting vulnerable Samba servers: NamPoHyu Virus aka MegaLocker Virus. NamPoHyu Virus searches for publicly accessible Samba servers, brute-forces them, and runs the ransomware locally to encrypt the exposed servers.
We recently encountered a cryptocurrency-mining malware affecting Linux systems. It is notable for being bundled with a rootkit component that hides the malicious process's presence from monitoring tools.