Historically, Linux has been regarded as a more secure operating system than the more widely used Windows, owing to its stricter user-privilege model, a more technically skilled user base, and similar factors. That reputation does not make it free of vulnerabilities, however.
The number of threats targeting the Linux ecosystem remains small compared to Windows, despite the emergence of several malware families aimed at Linux-based systems over the last decade.
Because of this disparity in the threat landscape, the Linux ecosystem has received limited attention from security researchers. As a result, some malware families are discovered only years after they were released and became active in the wild.
ESET’s discovery stems from its ongoing hunt for OpenSSH backdoors in the wild, which began more than three years ago. The researchers collected samples of malicious OpenSSH binaries and used them to improve detection, but the samples themselves remained unanalyzed until this year.
To their surprise, the researchers found many new backdoor families that had gone undocumented before their work. The resulting paper, “The Dark Side of the ForSSHe - A landscape of OpenSSH backdoors”, includes a list of Indicators of Compromise (IoCs) that can help identify compromised servers.
The research benefited from insights ESET gained during its earlier Windigo botnet investigation. The paper highlights several noteworthy points from the research:
This research indicates that security researchers should pay closer attention to Linux when looking for new threats. Much of the world’s online infrastructure runs on servers powered by variants of Linux, and that infrastructure is exposed to serious risk if Linux malware is not analyzed and addressed in a timely manner.