GoScanSSH malware infects a range of Linux devices

[Abarbarian]

Newly Found Malware Deliberately Avoids Government Networks

A newly discovered family of malware is being used to compromise Linux servers exposed to the internet. The good news for IT pros is that it doesn't appear to be targeting traditional commercial servers but is going after consumer devices.

The folks at Cisco Talos report that the malware targets weak or default credentials across a range of Linux devices on x86, x86_64, ARM and MIPS64 architectures.

In addition to the U.S., the domain names indicate that the malware is attempting to avoid infecting government networks in the UK, Australia, New Zealand, Israel, South Africa and Spain.

Again, the objectives of the malware, other than to continually replicate itself, are unclear. A good guess might be that a bot is being amassed for DDOS purposes. Nor is it known why the malware is interested in the power of its host machine. Some have suggested it might have something to do with mining cryptocurrencies, which takes a good deal of computational power, but relatively low-powered machines like jailbroken phones and Raspberry Pi systems are included in the mix of devices being targeted, undermining the cryptocurrency theory.

Looks like decent strong passwords should be enough to keep you safe though.

 

[Ian]

Thanks for the heads up @Abarbarian - a timely reminder to keep up to date with patches!