{"id":48331,"date":"2022-09-07T12:05:41","date_gmt":"2022-09-07T12:05:41","guid":{"rendered":"http:\/\/eac00081-57a9-4b9b-8ec3-4804e978c064"},"modified":"2022-09-07T12:05:41","modified_gmt":"2022-09-07T12:05:41","slug":"this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/","title":{"rendered":"This stealthy Linux malware starts off small but gradually takes control"},"content":{"rendered":"<figure uuid=\"99bd596a-6b7d-47a5-9d50-5726551168c3\" size=\"original\" float=\"none\" image-caption=\"\" image-credit=\"Image: Getty\" image-alt-text=\"getty-hands-typing-on-a-laptop-keyboard.jpg\" image-filename=\"getty-hands-typing-on-a-laptop-keyboard.jpg\" image-date-created=\"2021\/08\/25\" image-width=\"2121\" image-height=\"1414\" image-do-not-crop=\"false\" image-do-not-resize=\"false\" image-watermark=\"false\" lightbox=\"false\" preload=\"true\" class=\"c-shortcodeImage u-clearfix c-shortcodeImage-large\">\n<div class=\"c-shortcodeImage_imageContainer\">\n<div class=\"c-shortcodeImage_image\"><picture class=\"c-cmsImage c-cmsImage_loaded\"><source media=\"(max-width: 767px)\" srcset=\"https:\/\/www.zdnet.com\/a\/img\/resize\/fd1ff9c674ce003e9ff77b306d9f1f07183118a4\/2021\/08\/25\/99bd596a-6b7d-47a5-9d50-5726551168c3\/getty-hands-typing-on-a-laptop-keyboard.jpg?auto=webp&amp;width=768\" alt=\"getty-hands-typing-on-a-laptop-keyboard.jpg\"><source media=\"(max-width: 1023px)\" srcset=\"https:\/\/www.zdnet.com\/a\/img\/resize\/45db743e6a1f1b32f6f21ecf94712810d8cf9281\/2021\/08\/25\/99bd596a-6b7d-47a5-9d50-5726551168c3\/getty-hands-typing-on-a-laptop-keyboard.jpg?auto=webp&amp;width=1024\" alt=\"getty-hands-typing-on-a-laptop-keyboard.jpg\"><source media=\"(max-width: 1440px)\" srcset=\"https:\/\/www.zdnet.com\/a\/img\/resize\/2f9bcd9880e46081a0f2e85f682def6bd195eb12\/2021\/08\/25\/99bd596a-6b7d-47a5-9d50-5726551168c3\/getty-hands-typing-on-a-laptop-keyboard.jpg?auto=webp&amp;width=1200\" alt=\"getty-hands-typing-on-a-laptop-keyboard.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/2f9bcd9880e46081a0f2e85f682def6bd195eb12\/2021\/08\/25\/99bd596a-6b7d-47a5-9d50-5726551168c3\/getty-hands-typing-on-a-laptop-keyboard.jpg?auto=webp&amp;width=1200\" alt=\"getty-hands-typing-on-a-laptop-keyboard.jpg\" height=\"800\" width=\"1200\" fetchpriority=\"low\"><\/picture><\/div>\n<p> <!----> <!----><\/div>\n<p> <!----><figcaption> <span class=\"c-shortcodeImage_credit g-outer-spacing-top-xsmall u-block\">Image: Getty<\/span><\/figcaption><\/figure>\n<p>A stealthy new form of malware is targeting Linux systems in attacks that can take full control of infected devices \u2013 and it is using this access to install crypto-mining malware.&nbsp;<\/p>\n<p>Dubbed Shikitega, the <a href=\"https:\/\/www.zdnet.com\/article\/what-is-malware-everything-you-need-to-know-about-viruses-trojans-and-malicious-software\/\" rel=\"follow\">malware<\/a> targets endpoints and <a href=\"https:\/\/www.zdnet.com\/article\/what-is-the-internet-of-things-everything-you-need-to-know-about-the-iot-right-now\/\" rel=\"follow\">Internet of Things devices<\/a>&nbsp;that run on Linux operating systems and has been <a href=\"https:\/\/cybersecurity.att.com\/blogs\/labs-research\/shikitega-new-stealthy-malware-targeting-linux\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">detailed by cybersecurity researchers at AT&amp;T Alien Labs<\/a>.<\/p>\n<p>The malware is delivered in a multi-stage infection chain, where each module responds to commands from the previous part of the payload and downloads and executes the next one.<\/p>\n<p><strong><strong>SEE:&nbsp;<\/strong><a href=\"https:\/\/www.zdnet.com\/article\/these-are-the-cybersecurity-threats-of-tomorrow-that-you-should-be-thinking-about-today\/\" rel=\"follow\"><strong>These are the cybersecurity threats of tomorrow that you should be thinking about today<\/strong><\/a><\/strong><\/p>\n<p>By downloading the payload bit by bit \u2013 starting with a module that is just a few hundred bytes \u2013 Shikitega can avoid being uncovered by <a href=\"https:\/\/www.zdnet.com\/article\/best-antivirus\/\" rel=\"follow\">anti-virus software<\/a>. It also uses a polymorphic encoder to make it more difficult to detect.&nbsp;<\/p>\n<p>Researchers also note that those behind Shikitega appear to abuse legitimate cloud services to host some of their command-and-control servers.&nbsp;<\/p>\n<p>The initial method of infection is still unknown, but the malware gradually downloads more and more modules to provide full functionality, starting with the initial dropper, then going through several stages \u2013 including downloading Mettle, <a href=\"https:\/\/www.zdnet.com\/article\/metasploit-security-kit-now-hacks-iot-devices-hardware\/\" rel=\"follow\">a Metasploit offensive security tool,<\/a> which allows the attacker to deploy a wide range of attacks.&nbsp;<\/p>\n<p>These include taking control of webcams, taking control of processes, executing shell commands, and more. The ability to run shell commands provides the attackers with the ability to further exploit the system \u2013 and it appears that this is what they&#8217;re focused on for now.&nbsp;<\/p>\n<p>The malware downloads and executes further modules that exploit vulnerabilities in Linux, which can be used to achieve persistence and control of the compromised system.&nbsp;<\/p>\n<p>The vulnerabilities are CVE-2021-3493, a validation issue in the Linux kernel that allows attackers to gain elevated privileges, and CVE-2021-4034, a <a href=\"https:\/\/www.zdnet.com\/article\/major-linux-policykit-security-vulnerability-uncovered-pwnkit\/\" rel=\"follow\">high-severity memory corruption vulnerability<\/a> in polkit, which is installed by default in Linux distributions.&nbsp;<\/p>\n<p>By exploiting these vulnerabilities, the malware is able to download and execute the final stage of the payload with root privileges, providing the ability to fully control the system.&nbsp;<\/p>\n<p>This final stage of the attack <a href=\"https:\/\/www.zdnet.com\/article\/this-sneaky-cryptocurrency-mining-malware-hides-on-windows-pc-for-a-month-before-launching\/\" rel=\"follow\">downloads crypto-mining malware<\/a>, which allows the attackers to exploit the power of infected machines to secretly mine for cryptocurrency \u2013 at no cost to themselves. While this appears to be the focus of the attacks for now, the amount of control Shikitega gains over systems means it could be used for more damaging attacks in the future.&nbsp;<\/p>\n<p>And Linux is a useful target for cyber criminals, <a href=\"https:\/\/www.zdnet.com\/article\/linux-devices-increasingly-under-attack-from-hackers-warn-security-researchers\/\" rel=\"follow\">because it can often be overlooked when businesses think about cybersecurity<\/a>. &nbsp;<\/p>\n<p><strong>SEE:&nbsp;<a href=\"https:\/\/www.zdnet.com\/education\/computers-tech\/cybersecurity-school\/\" rel=\"follow\">Best cybersecurity schools and programs<\/a><\/strong><\/p>\n<p>&#8220;Threat actors find servers, endpoints and IoT devices based on Linux operating systems more and more valuable and find new ways to deliver their malicious payloads,&#8221; said Ofer Caspi, malware researcher at Alien Labs.&nbsp;<\/p>\n<p>&#8220;Shikitega malware is delivered in a sophisticated way, it uses a polymorphic encoder, and it gradually delivers its payload where each step reveals only part of the total payload,&#8221; he added.&nbsp;<\/p>\n<p>A key part of Shikitega&#8217;s attack process is leveraging known vulnerabilities to help gain full access to Linux systems; this can be prevented by ensuring the appropriate security patches for CVE-2021-3493 and CVE-2021-4034 have been applied, <a href=\"https:\/\/www.zdnet.com\/article\/this-one-change-could-protect-your-systems-from-attack-so-why-dont-more-companies-do-it\/\" rel=\"follow\">as well as swiftly applying any other updates that are released<\/a>.&nbsp;<\/p>\n<h3><strong>MORE ON CYBERSECURITY<\/strong><\/h3>\n<p>READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8216;Sophisticated&#8217; Shikitega malware secretly exploits known vulnerabilities in Linux.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-48331","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>This stealthy Linux malware starts off small but gradually takes control 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"This stealthy Linux malware starts off small but gradually takes control 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-07T12:05:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/2f9bcd9880e46081a0f2e85f682def6bd195eb12\/2021\/08\/25\/99bd596a-6b7d-47a5-9d50-5726551168c3\/getty-hands-typing-on-a-laptop-keyboard.jpg?auto=webp&amp;width=1200\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"This stealthy Linux malware starts off small but gradually takes control\",\"datePublished\":\"2022-09-07T12:05:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\\\/\"},\"wordCount\":587,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/2f9bcd9880e46081a0f2e85f682def6bd195eb12\\\/2021\\\/08\\\/25\\\/99bd596a-6b7d-47a5-9d50-5726551168c3\\\/getty-hands-typing-on-a-laptop-keyboard.jpg?auto=webp&amp;width=1200\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\\\/\",\"name\":\"This stealthy Linux malware starts off small but gradually takes control 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/2f9bcd9880e46081a0f2e85f682def6bd195eb12\\\/2021\\\/08\\\/25\\\/99bd596a-6b7d-47a5-9d50-5726551168c3\\\/getty-hands-typing-on-a-laptop-keyboard.jpg?auto=webp&amp;width=1200\",\"datePublished\":\"2022-09-07T12:05:41+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/2f9bcd9880e46081a0f2e85f682def6bd195eb12\\\/2021\\\/08\\\/25\\\/99bd596a-6b7d-47a5-9d50-5726551168c3\\\/getty-hands-typing-on-a-laptop-keyboard.jpg?auto=webp&amp;width=1200\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/2f9bcd9880e46081a0f2e85f682def6bd195eb12\\\/2021\\\/08\\\/25\\\/99bd596a-6b7d-47a5-9d50-5726551168c3\\\/getty-hands-typing-on-a-laptop-keyboard.jpg?auto=webp&amp;width=1200\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"This stealthy Linux malware starts off small but gradually takes control\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"This stealthy Linux malware starts off small but gradually takes control 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/","og_locale":"en_US","og_type":"article","og_title":"This stealthy Linux malware starts off small but gradually takes control 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-09-07T12:05:41+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/2f9bcd9880e46081a0f2e85f682def6bd195eb12\/2021\/08\/25\/99bd596a-6b7d-47a5-9d50-5726551168c3\/getty-hands-typing-on-a-laptop-keyboard.jpg?auto=webp&amp;width=1200","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"This stealthy Linux malware starts off small but gradually takes control","datePublished":"2022-09-07T12:05:41+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/"},"wordCount":587,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/2f9bcd9880e46081a0f2e85f682def6bd195eb12\/2021\/08\/25\/99bd596a-6b7d-47a5-9d50-5726551168c3\/getty-hands-typing-on-a-laptop-keyboard.jpg?auto=webp&amp;width=1200","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/","url":"https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/","name":"This stealthy Linux malware starts off small but gradually takes control 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/2f9bcd9880e46081a0f2e85f682def6bd195eb12\/2021\/08\/25\/99bd596a-6b7d-47a5-9d50-5726551168c3\/getty-hands-typing-on-a-laptop-keyboard.jpg?auto=webp&amp;width=1200","datePublished":"2022-09-07T12:05:41+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/2f9bcd9880e46081a0f2e85f682def6bd195eb12\/2021\/08\/25\/99bd596a-6b7d-47a5-9d50-5726551168c3\/getty-hands-typing-on-a-laptop-keyboard.jpg?auto=webp&amp;width=1200","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/2f9bcd9880e46081a0f2e85f682def6bd195eb12\/2021\/08\/25\/99bd596a-6b7d-47a5-9d50-5726551168c3\/getty-hands-typing-on-a-laptop-keyboard.jpg?auto=webp&amp;width=1200"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/this-stealthy-linux-malware-starts-off-small-but-gradually-takes-control\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"This stealthy Linux malware starts off small but gradually takes control"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48331","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=48331"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48331\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=48331"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=48331"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=48331"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}