Linux malware: Types and protection

The most common types of Linux malware

Malware on Linux servers and machines can cause data loss and financial damage. Let’s take a closer look at some of the most common forms of Linux malware.

Trojans

Trojans are a kind of malware. They usually masquerade as legitimate software or come hidden inside another program. If you download a piece of free software online, it might be a trojan, or it could come bundled with trojan software.

The term trojan doesn’t imply a specific function — “trojan” just refers to malware with this specific delivery method. Trojan malware may be designed to spy on the activity on your Linux system, it may be a kind of ransomware, or it could try to link your device to a botnet.

Regardless of what the malware actually does, the defining feature of the trojan is that it pretends to be part of a safe software that you must install yourself, unlike other forms of malware or virus that infect your device without your active participation.

Botnets

Linux, like all operating systems, is susceptible to botnet malware. This malicious software is designed to remotely control your device and to link it with a network of other infected devices.

Botnet malware can be installed on your Linux device in a variety of ways. You could accidentally download an exploit kit by clicking on a hacker’s malicious advert. A phishing email attachment could install software on your device without you even knowing.

Once the botnet malware has been installed, it can lie dormant and unnoticed until activated remotely from a command and control server. As part of a botnet, your Linux device could then be compelled to generate traffic as part of a DDoS attack.

Ransomware

Ransomware is designed to restrict your access to your own device or files, forcing you to pay a ransom fee to get your files back. Ransomware can infect your device by any number of methods, from phishing emails to trojans. Once installed, the software will encrypt some or all of the data stored on your Linux machines.

You won’t be able to access your data while it is encrypted and will then be prompted to pay a large sum of money for an encryption key. However, you have no guarantee that the key will be given to you if you do pay up.

If your Linux device is targeted by ransomware, it is best not to pay the ransom, for two reasons. First, doing so does not guarantee the return of your data, only the loss of your money. Second, people and companies that hand over ransoms are often targeted again because they are now known to pay.

Rootkits

Rootkits are programs that give hackers remote access to your device, allowing them to take control of it without your permission — or even without your knowledge. Remote command and control servers can be used to operate the rootkits from afar.

Rootkits are usually delivered through phishing email attachments or malware-spreading websites, and once installed they can be very hard to detect. Linux kernel-mode rootkits are particularly difficult to find and remove because once they’re installed, the hacker can remove and alter records within your system, erasing any indicators of compromise.

If you continue to use your Linux device as normal, unaware of the threat, your activity could be spied on and your data stolen.

Cryptojacking

Linux systems can be targeted by cryptojacking malware. This malicious software has two main goals — to force the infected device to mine cryptocurrency and to remain undetected.

Cryptojackers are designed to work quietly behind the scenes because the longer they are in action, the more potential cryptocurrency your device will generate for the perpetrator. If your Linux computer suddenly slows down, performs poorly, or overheats, it may be the result of crypto mining processes.

Most common Linux malware attacks

You could be targeted by many different types of malware and viruses on Linux. Though the list of possible threats to Linux users (or users on any operating system) is endless, here are some of the most common Linux malware attacks.

XORDDoS

XORDDoS is a DDoS botnet that targets Linux systems. Using a rootkit, it gains access to your device after installation and can rope it into future botnet operations. As with many malware types, you may not realize you have this program on your device for a long time, because it won’t start slowing down your system until activated by the command and control server.

CHAOS RAT

CHAOS RAT, or CHAOS Remote Administrative Tool, is a trojan, designed to facilitate unauthorized access, data theft, surveillance, and cryptojacking. Once it is installed, a hacker can start operating your device from afar — for example, setting it up to mine cryptocurrency without your knowledge.

Syslogk

The Syslogk Linux rootkit was created to give hackers administrative access to your Linux device. Once your machine is infected, the rootkit gives its operator the capacity to spy on your activity, install additional software, and take control of your system. This Linux malware is particularly risky because it can hide its tracks, leaving few signs of its presence in your system logs.

RansomExx

RansomExx has been around for a while, but it was only recently modified to target Linux operating systems. New Linux malware variants emerge all the time, but this one has been especially effective in recent years. RansomExx is, as the name suggests, a ransomware program. It typically sneaks onto your device via a trojan called IcedID and once in place, it can encrypt your data and demand a ransom.

How to protect your Linux system from malware

Whether you’re an individual or a business, you can take steps to improve your Linux security.

• Use anti-malware software. While Linux has some good built-in firewalls, you should take extra precautions and protect your Linux machine with anti-malware programs. This type of software provides extra layers of protection against initial malware infection, but they can also scan your device regularly to find malicious intruders that slipped past them earlier.
• Avoid potential trojans. The internet is full of free downloads, and while many are safe and sourced from legitimate companies, others could be loaded with trojans. Always make sure you’re downloading software from safe websites and companies — it should go without saying that illegally downloading free versions of premium software will put you at enormous risk of trojan infection.
• Use a VPN. Using a VPN for Linux means all of your traffic will be encrypted while in transit, and your IP address will be shielded, boosting both security and personal privacy. NordVPN also offers Threat Protection Lite to Linux users, a useful feature that blocks ads and limits access to malicious websites.