Few people would take issue with saying Linux is more secure than Windows. However, Linux is not immune to malware. According to a new security report, hackers are paying more attention to it these days, just as more things shift to cloud computing.

The finding comes by way of Intezer Labs (via ZDNet), which highlighted in a security report an active botnet campaign affecting cloud servers running Linux.

“Linux threats are becoming more common. A contributing factor to this is the increasing shift and reliance on cloud environments, which are mostly based on Linux infrastructure. Hence, attackers have been adapting accordingly with new tools and techniques designed specifically for this infrastructure,” Intezer Labs notes.

The interesting observation comes on the heels of a new malware strain dubbed Doki, which derives its name from targeting Docker servers in AWS, Azure, and other cloud platforms. According to the report, none of the 60 malware detection engines in VirusTotal has flagged Doki since it was first analyzed on January 14, 2020.

That is both surprising and unsettling. VirusTotal is owned by a subsidiary of Google’s parent company, Alphabet, and allows anyone to upload a file and have it scrutinized by dozens of virus engines to see if it is potentially malicious. It’s a handy tool I have used on many occasions in the past, particularly when I used to conduct annual antivirus roundups for Maximum PC.

There could be other threats like Doki in the wild. And if not, there likely will be in the near future.

“A technique that has become popular is the abuse of misconfigured Docker API ports, where attackers scan for publicly accessible Docker servers and exploit them in order to set up their own containers and execute malware on the victim’s infrastructure,” the report states.
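The technique described in that quote works only when the Docker daemon's Remote API is listening on a TCP port without TLS client verification. Below is an added example (not code from the article or from Intezer Labs) of the configuration check an administrator can run on their own hosts to catch that misconfiguration. It reads the `hosts` and `tlsverify` keys of Docker's `daemon.json` and the `-H`/`--host` and `--tlsverify` flags of a `dockerd` command line, both of which are real Docker options; the sample configurations in the block are constructed for illustration.

```python
import json
import shlex
from urllib.parse import urlsplit

# Constructed sample inputs (not taken from the report).
# A hardened daemon: local socket plus a loopback TCP listener with TLS client verification.
SAFE_DAEMON_JSON = (
    '{"hosts": ["unix:///var/run/docker.sock", "tcp://127.0.0.1:2376"],'
    ' "tlsverify": true, "tlscacert": "/etc/docker/ca.pem"}'
)
# The misconfiguration the report describes: the API bound on every interface, in the clear.
EXPOSED_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
# The same mistake expressed on the dockerd command line ("tcp://:2375" also means all interfaces).
EXPOSED_CMDLINE = "dockerd -H unix:///var/run/docker.sock -H tcp://:2375"

# Bind addresses that expose a listener on every interface.
WILDCARD_BINDS = {"", "0.0.0.0", "::"}


def collect_hosts(daemon_json=None, cmdline=""):
    """Return (listener URLs, tlsverify enabled) from daemon.json and/or the dockerd argv."""
    cfg = json.loads(daemon_json) if daemon_json else {}
    hosts = list(cfg.get("hosts", []))
    args = shlex.split(cmdline) if cmdline else []
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("--host=") or arg.startswith("-H="):
            hosts.append(arg.split("=", 1)[1])
    tls = bool(cfg.get("tlsverify")) or "--tlsverify" in args or "--tlsverify=true" in args
    return hosts, tls


def audit_docker_api(daemon_json=None, cmdline=""):
    """Report every TCP listener of the Docker API with a severity rating.

    high   : reachable from any interface and no TLS client verification
    medium : either public without TLS verification, or loopback-only without it
    low    : loopback-only with tlsverify (still worth knowing about)
    """
    hosts, tls = collect_hosts(daemon_json, cmdline)
    findings = []
    for host in hosts:
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// sockets are gated by local file permissions, not the network
        parts = urlsplit(host)
        bind = parts.hostname or ""           # urlsplit gives None for "tcp://:2375"
        port = parts.port or (2376 if tls else 2375)  # Docker's documented defaults
        public = bind in WILDCARD_BINDS
        if public and not tls:
            severity = "high"
        elif public or not tls:
            severity = "medium"
        else:
            severity = "low"
        findings.append({"host": host, "bind": bind, "port": port,
                         "public": public, "tls": tls, "severity": severity})
    return findings


def has_exposed_api(daemon_json=None, cmdline=""):
    """True when the daemon is reachable from the network without TLS client auth."""
    return any(f["severity"] == "high" for f in audit_docker_api(daemon_json, cmdline))


if __name__ == "__main__":
    for label, cfg, cmd in (("safe", SAFE_DAEMON_JSON, ""),
                            ("exposed json", EXPOSED_DAEMON_JSON, ""),
                            ("exposed argv", None, EXPOSED_CMDLINE)):
        for f in audit_docker_api(cfg, cmd):
            print(f"{label:13} {f['severity']:6} {f['host']} tlsverify={f['tls']}")
```

On a real host the inputs would be the contents of `/etc/docker/daemon.json` and the `ExecStart` line of the docker systemd unit; a "high" finding means the daemon can be driven by anyone who can reach the port, which is exactly the foothold the quoted technique relies on. The fix is to drop the TCP listener entirely or keep it with `tlsverify` and a CA-issued client certificate, and to confirm with a firewall rule that port 2375/2376 is not reachable from outside.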

Doki is essentially a backdoor trojan that infiltrates Linux servers to steal resources for cryptocurrency mining. However, Intezer Labs says the malware payload is different from the standard cryptocurrency miner deployed in this type of attack.

“Doki uses a previously undocumented method to contact its operator by abusing the Dogecoin cryptocurrency blockchain in a unique way in order to dynamically generate its C2 domain address. The malware has managed to stay under the radar for over six months despite samples being publicly available in VirusTotal,” the report adds.

Fortunately, this looks like it will be more of an annoyance for enterprise environments than a nuisance for home users. Or in other words, if you’ve been thinking about switching a gaming PC to Linux, don’t let this stop you.
