XorDdos Malware Attacks on Linux Devices, Microsoft Warns

According to Microsoft’s latest analysis, activity by the Linux botnet malware XorDdos has risen 254 percent over the last six months.

The malware has been active since at least 2014 and is notorious for carrying out denial-of-service attacks against Linux systems and for using XOR-based encryption for communications with its command-and-control (C2) server.

“XorDdos’ modular structure offers attackers a versatile trojan capable of infecting a range of Linux system architectures,” the Microsoft 365 Defender Research Team’s Ratnesh Pandey, Yevgeny Kulakov, and Jonathan Bar Or said in an in-depth analysis of the malware.

“Its SSH brute-force attacks are a simple but efficient technique for getting root access to a variety of potential targets.”

Secure Shell (SSH) brute-force attacks are used to take remote control of unprotected IoT and other internet-connected devices, allowing the malware to build a botnet capable of launching distributed denial-of-service (DDoS) attacks.
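A defender-side illustration of the pattern just described, added here and not part of the Microsoft report or this article: a short Python check that scans OpenSSH auth-log lines for a burst of failed logins from one source address followed by a successful login from the same address. The log lines, IP addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth.log lines in OpenSSH/syslog format (not from the article).
SAMPLE_AUTH_LOG = """\
May 19 10:01:02 host sshd[1201]: Failed password for root from 203.0.113.7 port 41022 ssh2
May 19 10:01:03 host sshd[1203]: Failed password for root from 203.0.113.7 port 41023 ssh2
May 19 10:01:04 host sshd[1205]: Failed password for invalid user admin from 203.0.113.7 port 41024 ssh2
May 19 10:01:05 host sshd[1207]: Failed password for root from 203.0.113.7 port 41025 ssh2
May 19 10:01:06 host sshd[1209]: Failed password for root from 203.0.113.7 port 41026 ssh2
May 19 10:01:09 host sshd[1211]: Accepted password for root from 203.0.113.7 port 41027 ssh2
May 19 10:05:00 host sshd[1300]: Failed password for alice from 198.51.100.4 port 50001 ssh2
May 19 10:07:30 host sshd[1302]: Accepted publickey for alice from 198.51.100.4 port 50002 ssh2
"""

# Matches the sshd "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)

def parse_events(log_text):
    """Yield (timestamp, result, user, ip) for each sshd auth line; skip other lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog has no year; relative order only
            yield ts, m["result"], m["user"], m["ip"]

def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failed logins inside a sliding time window.
    A later successful login from a flagged IP is recorded as success_after (the high-severity case)."""
    failures = defaultdict(list)  # ip -> timestamps of recent failures
    findings = {}                 # ip -> finding dict, keyed so each IP is reported once
    for ts, result, user, ip in parse_events(log_text):
        if result == "Failed":
            window = failures[ip]
            window.append(ts)
            while (ts - window[0]).total_seconds() > window_seconds:  # evict stale failures
                window.pop(0)
            if len(window) >= threshold and ip not in findings:
                findings[ip] = {"ip": ip, "failures": len(window),
                                "first_seen": window[0], "success_after": None}
        elif ip in findings and findings[ip]["success_after"] is None:
            findings[ip]["success_after"] = (user, ts)  # credential guessing that paid off
    return list(findings.values())
```

Running `detect_bruteforce(SAMPLE_AUTH_LOG)` on the constructed log reports 203.0.113.7 with five failures followed by an accepted root password login, while the single failure from 198.51.100.4 stays below the threshold.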

The malware is built for ARM, x86, and x64 architectures, is designed to run on a variety of Linux distributions, and includes tools to steal personal data, install a rootkit, and act as a vector for further attacks.

Devices infected with XorDdos have subsequently been infected with another Linux trojan, Tsunami, indicating that XorDdos could operate as a conduit for other threats.

In recent years XorDdos has targeted unprotected Docker servers with port 2375 exposed, using the compromised machines to flood a target network or service with bogus traffic and render it unreachable.

According to cybersecurity firm CrowdStrike, XorDdos has subsequently emerged as the top Linux-targeted threat in 2021, followed by Mirai and Mozi, accounting for more than 22 percent of all IoT malware seen in the wild.

“XorDdos employs evasion and persistence strategies to keep its operations robust and undetectable,” the researchers explained.

“Obfuscating the malware’s operations, dodging rule-based detection measures and hash-based harmful file lookup, as well as leveraging anti-forensic techniques to undermine process tree-based analysis” are among its evasion capabilities.
