Three Major Threats to Linux Discovered
In less than a week it has been reported that Linux has been found to be vulnerable to three different attacks. This should come as no surprise, given the steady rise in popularity Linux has enjoyed over the last year.
The first attack is a cryptomining DDoS attack, named Lucifer. This hybrid DDoS botnet was first known for infecting Windows machines with Mondero cryptomining bots. That attack is now scanning for and infecting Linux servers and desktops. The Linux version of the Lucifer botnet has the same capabilities as the Windows version, but can also be used in HTTP-based DDoS attacks.
The next attack, dubbed FritzFrog, is another botnet that was discovered breaching SSH servers since January 2020. This bot, written in Golang, has been found to target systems within the government, education, and finance sectors. FritzFrog assembles and executes its payload in-memory. Once on a system, FritzFrog communicates, via an encrypted channel, using over 30 commands. The malware then spawns multiple threads to facilitate replication, deployment, and growth. Guardicore Labs has created a script that can detect FritzFrog infections.
Finally, Drovorub is a toolset that creates a backdoor on Linux machines which enables file downloads and uploads, as well as the execution of commands as root, and port forwarding of network traffic. Worst of all, Drovorub implants a kernel rootkit, which is enhanced with additional capabilities. To mitigate Drovorub, admins are warned to upgrade their Linux systems immediately (including the kernel). If your servers and desktops are running any kernel newer than 3.7, you should be safe. Of course, 3.7 is quite an old kernel, so chances are good you are already free from the effects of this malware.