Dangerous new 'RedXOR' Linux malware linked to Chinese state actors
Linux-based operating systems are widely used by companies like Amazon, Facebook, Twitter and Google, making them prime targets for malware creators.
Linux distributions such as Ubuntu, Fedora and Manjaro are widely considered more secure operating systems than Windows, but no operating system is completely secure or free of vulnerabilities. According to a new report, attackers are now using advanced malware to target Linux servers, which power most of the internet.
According to a report by Bleeping Computer, researchers at Intezer discovered the malware, which they have named RedXOR. Based on how the malware operates and the code it runs, the researchers assess that it was created by advanced Chinese threat actors. They also believe it is still being used to control the systems it has compromised, because the command-and-control server it talks to was intermittently reachable while they were studying the malware.
It is a common misconception that Linux-based systems are targeted less than Windows because their user base is much smaller. That may be true of desktop users, but among server operating systems Linux is the most widely used, powering companies such as Facebook, Google, Amazon, Twitter and many more.
A report by TechCrunch also states that RedXOR is just "part of a trend" of continuing attacks on Linux systems, and that powerful nation states and groups connected with them are actively developing new ways to attack and compromise Linux systems. Indonesia and Taiwan appear to be the countries most targeted by the RedXOR malware.
Linux users who worry that they might be targeted can do little more than keep their systems updated with the latest packages and run a few Linux security tools such as rkhunter, lynis, chkrootkit, ClamAV and LMD (Linux Malware Detect) to check that their systems are clean. But because malware like this is newly written and has no existing signatures, it is unlikely that these signature-based tools will detect it in the first place.
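Because signature scanners cannot flag a sample nobody has seen yet, the check a practitioner adds on top of them is one that does not depend on signatures at all: a hash baseline of system files taken on a known-clean host, re-verified later. The script below is an added example written for this page, not code from the article or from Intezer, and it does not reference any RedXOR indicators. It assumes a Linux host with GNU coreutils and findutils; the directory lists, the scanner flags and the subcommand names are the author's own choices.

```shell
#!/bin/sh
# Added example (not from the article or from Intezer): a signature-independent
# integrity baseline for a Linux host, a runner for the scanners the article
# names, and a check for processes whose on-disk binary has been removed.
# Assumes Linux with GNU coreutils and findutils; directory lists and scanner
# flags are the author's choices, adjust them for your own hosts.
set -u

# Record a SHA-256 of every regular file under the given directories.
# Take the baseline on a known-clean host, keep the manifest off-box,
# and re-run verify_baseline on a schedule or after an incident.
# Usage: make_baseline MANIFEST DIR...
make_baseline() {
    local manifest="$1"; shift
    find "$@" -xdev -type f -exec sha256sum {} + > "$manifest"
}

# Recompute hashes and print every entry that changed or disappeared.
# Returns 0 when everything matches, 1 otherwise.
# Usage: verify_baseline MANIFEST
verify_baseline() {
    local manifest="$1"
    local failures
    failures=$(sha256sum -c "$manifest" 2>/dev/null | grep -v ': OK$') || true
    if [ -n "$failures" ]; then
        printf '%s\n' "$failures"
        return 1
    fi
    return 0
}

# List processes whose executable was deleted after launch, a common trait
# of droppers that unlink themselves so that only the in-memory copy remains.
deleted_binaries() {
    local p exe
    for p in /proc/[0-9]*; do
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        case "$exe" in
            *' (deleted)') printf '%s %s\n' "${p#/proc/}" "$exe" ;;
        esac
    done
    return 0
}

# Run whichever of the article's scanners are installed and skip the rest.
# Refresh ClamAV signatures with freshclam before calling this.
run_scanners() {
    local tool
    for tool in rkhunter chkrootkit clamscan maldet lynis; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            printf 'skip: %s not installed\n' "$tool"
            continue
        fi
        case "$tool" in
            rkhunter)   rkhunter --check --sk --rwo ;;
            chkrootkit) chkrootkit ;;
            clamscan)   clamscan -r -i /usr/bin /usr/sbin /etc /tmp /var/tmp ;;
            maldet)     maldet -a /tmp ;;
            lynis)      lynis audit system --quick ;;
        esac
    done
}

# Command-line entry point. With no subcommand (or when sourced) only the
# functions above are defined, so nothing runs by accident.
case "${1:-}" in
    baseline) m="$2"; shift 2; make_baseline "$m" "$@" ;;
    verify)   verify_baseline "$2" ;;
    scan)     run_scanners; deleted_binaries ;;
    *)        : ;;
esac
```

Typical use is `sh hostcheck.sh baseline /var/lib/baseline.sha256 /usr/bin /usr/sbin /etc /lib /lib64` right after provisioning, then `sh hostcheck.sh verify /var/lib/baseline.sha256` from cron or during triage; a manifest stored on the host itself can be edited by the same intruder who modified the files, so copy it somewhere the host cannot write. The `scan` subcommand only adds value once the scanners have current signatures, which is exactly the limitation the paragraph above describes.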