{"id":48699,"date":"2022-09-29T14:38:52","date_gmt":"2022-09-29T14:38:52","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33888\/Never-Before-Seen-Malware-Has-Infected-Hundreds-Of-Linux-And-Windows-Devices.html"},"modified":"2022-09-29T14:38:52","modified_gmt":"2022-09-29T14:38:52","slug":"never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/","title":{"rendered":"Never-Before-Seen Malware Has Infected Hundreds Of Linux And Windows Devices"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/10\/malware-800x600.jpg\" alt=\"A stylized skull and crossbones made out of ones and zeroes.\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<p>Researchers have revealed a never-before-seen piece of cross-platform malware that has infected a wide range of Linux and Windows devices, including small office routers, FreeBSD boxes, and large enterprise servers.<\/p>\n<p>Black Lotus Labs, the research arm of security firm Lumen, is calling the malware Chaos, a 
word that repeatedly appears in function names, certificates, and file names it uses. Chaos emerged no later than April 16, when the first cluster of control servers went live in the wild. From June through mid-July, researchers found hundreds of unique IP addresses representing compromised Chaos devices. Staging servers used to infect new devices have mushroomed in recent months, growing from 39 in May to 93 in August. As of Tuesday, the number reached 111.<\/p>\n<p>Black Lotus has observed interactions with these staging servers from both embedded Linux devices and enterprise servers, including one in Europe that was hosting an instance of GitLab. There are more than 100 unique samples in the wild.<\/p>\n<p>&#8220;The potency of the Chaos malware stems from a few factors,&#8221; Black Lotus Labs researchers wrote in a Wednesday morning <a href=\"https:\/\/blog.lumen.com\/chaos-is-a-go-based-swiss-army-knife-of-malware\/\">blog post<\/a>. &#8220;First, it is designed to work across several architectures, including: ARM, Intel (i386), MIPS and PowerPC\u2014in addition to both Windows and Linux operating systems. Second, unlike large-scale ransomware distribution botnets like Emotet that leverage spam to spread and grow, Chaos propagates through known CVEs and brute forced as well as stolen SSH keys.&#8221;<\/p>\n<p>CVEs refer to the mechanism used to track specific vulnerabilities. Wednesday&#8217;s report referred to only a few, including CVE-2017-17215 and CVE-2022-30525 affecting firewalls sold by Huawei, and CVE-2022-1388, an <a href=\"https:\/\/arstechnica.com\/information-technology\/2022\/05\/hackers-are-actively-exploiting-big-ip-vulnerability-with-a-9-8-severity-rating\/\">extremely severe vulnerability<\/a> in load balancers, firewalls, and network inspection gear sold by F5. 
SSH infections using password brute-forcing and stolen keys also allow Chaos to spread from machine to machine inside an infected network.<\/p>\n<p>Chaos also has various capabilities, including enumerating all devices connected to an infected network, running remote shells that allow attackers to execute commands, and loading additional modules. Combined with the ability to run on such a wide range of devices, these capabilities have led Black Lotus Labs to suspect Chaos &#8220;is the work of a cybercriminal actor that is cultivating a network of infected devices to leverage for initial access, DDoS attacks and crypto mining,&#8221; company researchers said.<\/p>\n<p>Black Lotus Labs believes Chaos is an offshoot of <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/20\/f\/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers.html\">Kaiji<\/a>, a piece of botnet software for Linux-based AMD and i386 servers for performing DDoS attacks. 
Since coming into its own, Chaos has gained a host of new features, including modules for new architectures, the ability to run on Windows, and the ability to spread through vulnerability exploitation and SSH key harvesting.<\/p>\n<p>Infected IP addresses indicate that Chaos infections are most heavily concentrated in Europe, with smaller hotspots in North and South America and Asia-Pacific.<\/p>\n<figure class=\"image shortcode-img center full\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/09\/chaos-bot-geography.png\" width=\"624\" height=\"292\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Black Lotus Labs<\/div>\n<\/figcaption><\/figure>\n<p>Black Lotus Labs researchers wrote:<\/p>\n<blockquote>\n<p>Over the first few weeks of September, our Chaos host emulator received multiple DDoS commands targeting roughly two dozen organizations\u2019 domains or IPs. Using our global telemetry, we identified multiple DDoS attacks that coincide with the timeframe, IP and port from the attack commands we received. Attack types were generally multi-vector leveraging UDP and TCP\/SYN across multiple ports, often increasing in volume over the course of multiple days. Targeted entities included gaming, financial services and technology, media and entertainment, and hosting. We even observed attacks targeting DDoS-as-a-service providers and a crypto mining exchange. Collectively, the targets spanned EMEA, APAC and North America.<\/p>\n<p>One gaming company was targeted for a mixed UDP, TCP and SYN attack over port 30120. Beginning September 1 \u2013 September 5, the organization received a flood of traffic over and above its typical volume. 
A breakdown of traffic for the timeframe before and through the attack period shows a flood of traffic sent to port 30120 by approximately 12K distinct IPs \u2013 though some of that traffic may be indicative of IP spoofing.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/09\/Figure10_Gaming_DDoS_vf.png\" class=\"enlarge\" data-height=\"477\" data-width=\"1545\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/09\/Figure10_Gaming_DDoS_vf-640x198.png\" width=\"640\" height=\"198\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/09\/Figure10_Gaming_DDoS_vf-1280x395.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-credit\">Black Lotus Labs<\/div>\n<\/figcaption><\/figure>\n<p>A few of the targets included DDoS-as-a-service providers. One markets itself as a premier IP stressor and booter that offers CAPTCHA bypass and \u201cunique\u201d transport layer DDoS capabilities. In mid-August, our visibility revealed a massive uptick in traffic roughly four times higher than the highest volume registered over the prior 30 days. 
This was followed on September 1 by an even larger spike of more than six times the normal traffic volume.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/09\/Figure11_DDoSaaS_Attack.png\" class=\"enlarge\" data-height=\"459\" data-width=\"1477\" alt=\"DDoS-as-a-service organization incoming attack volume\"><img loading=\"lazy\" decoding=\"async\" alt=\"DDoS-as-a-service organization incoming attack volume\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/09\/Figure11_DDoSaaS_Attack-640x199.png\" width=\"640\" height=\"199\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/09\/Figure11_DDoSaaS_Attack-1280x398.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\">DDoS-as-a-service organization incoming attack volume<\/div>\n<div class=\"caption-credit\">Black Lotus Labs<\/div>\n<\/figcaption><\/figure>\n<\/blockquote>\n<p>The two most important things people can do to prevent Chaos infections are to keep all routers, servers, and other devices fully updated and to use strong passwords and FIDO2-based multifactor authentication whenever possible. A reminder to small office router owners everywhere: Most router malware can&#8217;t survive a reboot. Consider restarting your device every week or so. 
Those who use SSH should always use a cryptographic key for authentication.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/33888\/Never-Before-Seen-Malware-Has-Infected-Hundreds-Of-Linux-And-Windows-Devices.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":48700,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[10225],"class_list":["post-48699","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinemalwaremicrosoftlinuxbotnet"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Never-Before-Seen Malware Has Infected Hundreds Of Linux And Windows Devices 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Never-Before-Seen Malware Has Infected Hundreds Of Linux And Windows Devices 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-29T14:38:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/10\/malware-800x600.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Never-Before-Seen Malware Has Infected Hundreds Of Linux And Windows 
Devices\",\"datePublished\":\"2022-09-29T14:38:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\\\/\"},\"wordCount\":816,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices.jpg\",\"keywords\":[\"headline,malware,microsoft,linux,botnet\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\\\/\",\"name\":\"Never-Before-Seen Malware Has Infected Hundreds Of Linux And Windows Devices 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices.jpg\",\"datePublished\":\"2022-09-29T14:38:52+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices.jpg\",\"width\":800,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,malware,microsoft,linux,botnet\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinemalwaremicrosoftlinuxbotnet\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Never-Before-Seen Malware Has Infected Hundreds Of Linux And Windows Devices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - 
Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Never-Before-Seen Malware Has Infected Hundreds Of Linux And Windows Devices 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/","og_locale":"en_US","og_type":"article","og_title":"Never-Before-Seen Malware Has Infected Hundreds Of Linux And Windows Devices 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-09-29T14:38:52+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/10\/malware-800x600.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Never-Before-Seen Malware Has Infected Hundreds Of Linux And Windows Devices","datePublished":"2022-09-29T14:38:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/"},"wordCount":816,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/10\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices.jpg","keywords":["headline,malware,microsoft,linux,botnet"],"articleSection":["Packet 
Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/","url":"https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/","name":"Never-Before-Seen Malware Has Infected Hundreds Of Linux And Windows Devices 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/10\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices.jpg","datePublished":"2022-09-29T14:38:52+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/10\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/10\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices.jpg","width":800,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,malware,microsoft,linux,botnet","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinemalwaremicrosoftlinuxbotnet\/"},{"@type":"ListItem","position":3,"name":"Never-Before-Seen Malware Has Infected Hundreds Of Linux And Windows Devices"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat 
Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48699","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=48699"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48699\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/48700"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=48699"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=48699"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=48699"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}