A report recently shared by CrowdStrike highlights the rising threats to Linux-based operating systems. Researchers noted a 35% rise in Linux-based malware in 2021 compared to 2020. Most of these attacks targeted IoT devices.

What does the report say?

  • According to CrowdStrike’s telemetry, three malware families accounted for 22% of attacks on Linux systems in 2021.
  • XorDDoS, Mirai, and Mozi were the most prevalent Linux-based malware families observed in 2021.
  • XorDDoS, a botnet designed to launch large-scale DDoS attacks, has been around since at least 2014. In 2021, the number of XorDDoS malware samples increased by almost 123% compared to 2020.
  • Mirai variants, namely Sora, IZIH9, and Rekai, also jumped to 33%, 39%, and 83% respectively in 2021.

There’s much more happening beyond botnets

  • Since the beginning of 2022, threat actor groups have amped up some ransomware families to target Linux systems.
  • One of these is AvosLocker, which appends the .avoslinux extension to all encrypted files.
  • The ransomware variant terminates all ESXi machines on the server using specific commands before proceeding to the encryption process.
  • A modified version of the SFile ransomware that encrypts files on Linux-based operating systems was also spotted earlier this month.
  • Though the variant is new, The Record confirmed its use in targeted attacks against corporate and government networks.


If this trend continues, we could see even more malware released for Linux devices in 2022. If there are easily accessible security holes, cybercriminals will find them, regardless of the operating system. Therefore, apply patches to your devices as soon as they become available to stay secure.

Cyware Publisher