A Crowdstrike report has shown that the number of malware infections targeting Linux devices has increased by 35% in 2021. The main motive behind these infections is to recruit IoT devices for DDoS attacks.

Others include recruiting Linux IoT devices to mine cryptocurrencies, facilitating spam mail campaigns, serving as relays, acting as command and control servers, or acting as entry points into organizations’ networks.

Other results showed that XorDDoS, Mirai, and Mozi accounted for 22% of all Linux targeting malware attacks in 2021. Mozi grew with samples circulating ten times more in the wild. XorDDoS recorded an annual growth of 123%.

XorDDos is a versatile Linux malware that works on multiple Linux system architectures, forcing vulnerable devices to attack via SSH when attacking IoT devices.

Mozi is a P2P botnet that relies on the distributed hash table (DHT) lookup system to hide suspicious C2 communications from network traffic monitoring solutions.

Mirai is a botnet that implements various C2 communication protocols that abuse weak credentials to brute-force into devices.