{"id":53663,"date":"2023-09-13T15:31:06","date_gmt":"2023-09-13T15:31:06","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35005\/Password-Stealing-Linux-Malware-Served-For-3-Years-And-No-One-Noticed.html"},"modified":"2023-09-13T15:31:06","modified_gmt":"2023-09-13T15:31:06","slug":"password-stealing-linux-malware-served-for-3-years-and-no-one-noticed","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/","title":{"rendered":"Password Stealing Linux Malware Served For 3 Years And No One Noticed"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/06\/getty-digital-trojan-horse-800x522.jpg\" alt=\"Illustration of a Trojan horse in an electronic environment.\"><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/06\/getty-digital-trojan-horse.jpg\" class=\"enlarge-link\" data-height=\"928\" data-width=\"1421\">Enlarge<\/a> <span class=\"sep\">\/<\/span> A digital Trojan horse.<\/div>\n<div class=\"caption-credit\">Getty Images | posteriori<\/div>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/security\/2023\/09\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">98<\/span> <span class=\"visually-hidden\"> with <\/span> <\/a> <\/aside>\n<p> <!-- cache hit 45:single\/related:619f3aaa89f17108e981c6993b3e729d --><!-- empty --><\/p>\n<p>A download site surreptitiously served Linux users malware that stole passwords and other sensitive information for more than three years until it finally went quiet, researchers said on Tuesday.<\/p>\n<p>The site, freedownloadmanager[.]org, offered a benign version of a Linux offering known as the Free Download Manager. Starting in 2020, the same domain at times redirected users to the domain deb.fdmpkg[.]org, which served a malicious version of the app. The version available on the malicious domain contained a script that downloaded two executable files to the \/var\/tmp\/crond and \/var\/tmp\/bs file paths. The script then used the cron job scheduler to cause the file at \/var\/tmp\/crond to launch every 10 minutes. With that, devices that had installed the booby-trapped version of Free Download Manager were permanently backdoored.<\/p>\n<p>After accessing an IP address for the malicious domain, the backdoor launched a reverse shell that allowed the attackers to remotely control the infected device. Researchers from Kaspersky, the security firm that discovered the malware, then ran the backdoor on a lab device to observe how it behaved.<\/p>\n<p>\u201cThis stealer collects data such as system information, browsing history, saved passwords, cryptocurrency wallet files, as well as credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure),\u201d the researchers wrote in a <a href=\"https:\/\/securelist.com\/backdoored-free-download-manager-linux-malware\/110465\/\">report on Tuesday<\/a>. \u201cAfter collecting information from the infected machine, the stealer downloads an uploader binary from the C2 server, saving it to \/var\/tmp\/atd. It then uses this binary to upload stealer execution results to the attackers\u2019 infrastructure.\u201d<\/p>\n<p>The image below illustrates the infection chain.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/09\/infection-chain.png\" class=\"enlarge\" data-height=\"867\" data-width=\"1920\" alt=\"The infection chain of Trojanized versions of Free Download Manager.\"><img loading=\"lazy\" decoding=\"async\" alt=\"The infection chain of Trojanized versions of Free Download Manager.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/09\/infection-chain-640x289.png\" width=\"640\" height=\"289\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/09\/infection-chain-1280x578.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/09\/infection-chain.png\" class=\"enlarge-link\" data-height=\"867\" data-width=\"1920\">Enlarge<\/a> <span class=\"sep\">\/<\/span> The infection chain of Trojanized versions of Free Download Manager.<\/div>\n<\/figcaption><\/figure>\n<p>After searching social media posts that discussed Free Download Manager, the researchers found that some people who visited freedownloadmanager[.]org received a benign version of the app, while others were redirected to one of the following malicious domains that served the booby-trapped version.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<ul>\n<li aria-level=\"1\">2c9bf1811ff428ef9ec999cc7544b43950947b0f.u.fdmpkg[.]org<\/li>\n<li aria-level=\"1\">c6d76b1748b67fbc21ab493281dd1c7a558e3047.u.fdmpkg[.]org<\/li>\n<li aria-level=\"1\">0727bedf5c1f85f58337798a63812aa986448473.u.fdmpkg[.]org<\/li>\n<li aria-level=\"1\">c3a05f0dac05669765800471abc1fdaba15e3360.u.fdmpkg[.]org<\/li>\n<\/ul>\n<p>It\u2019s unclear why some visitors received the non-malicious version of the software and others were redirected to a malicious domain. The malicious redirects ended in 2022 for unknown reasons.<\/p>\n<p>The backdoor is an updated version of malware tracked as Bew, which was published in 2014. Bew was one of the components used in an attack <a href=\"https:\/\/web.archive.org\/web\/20200920171751\/https:\/security.web.cern.ch\/advisories\/busywinman\/BusyWinman.shtml\/\">in 2017<\/a>. The stealer called by the backdoor was <a href=\"https:\/\/yoroi.company\/research\/the-return-of-the-wizard-vulnerability-crooks-start-hitting\/\">installed in a 2019 campaign<\/a> after first exploiting a vulnerability in the Exim Mail Server.<\/p>\n<p>\u201cWhile the campaign is currently inactive,\u201d the researchers wrote, referring to the recent incident, \u201cthis case of Free Download Manager demonstrates that it can be quite difficult to detect ongoing cyber attacks on Linux machines to the naked eye.\u201d They added:<\/p>\n<blockquote>\n<p>The malware observed in this campaign has been known since 2013. In addition, the implants turned out to be quite noisy, as demonstrated by multiple posts on social networks. According to our telemetry, victims of this campaign are located all over the world, including Brazil, China, Saudi Arabia and Russia. Given these facts, it may seem paradoxical that the malicious Free Download Manager package remained undetected for more than three years.<\/p>\n<ul>\n<li aria-level=\"1\">As opposed to Windows, Linux malware is much more rarely observed;<\/li>\n<li aria-level=\"1\">Infections with the malicious Debian package occurred with a degree of probability: some users received the infected package, while others ended up downloading the benign one;<\/li>\n<li aria-level=\"1\">Social network users discussing Free Download Manager issues did not suspect that they were caused by malware.<\/li>\n<\/ul>\n<\/blockquote>\n<p>The post offers a variety of file hashes and domain and IP addresses that people can use to indicate if they\u2019ve been targeted or infected in the campaign, which the researchers suspect was a supply chain attack involving the benign version of Free Download Manager. The researchers said people running the freedownloadmanager[.]org site didn\u2019t respond to messages notifying them of the campaign. They also didn\u2019t respond to an inquiry for this post.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35005\/Password-Stealing-Linux-Malware-Served-For-3-Years-And-No-One-Noticed.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":53664,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[10693],"class_list":["post-53663","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermalwarelinuxpasswordbackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Password Stealing Linux Malware Served For 3 Years And No One Noticed 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Password Stealing Linux Malware Served For 3 Years And No One Noticed 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-13T15:31:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/06\/getty-digital-trojan-horse-800x522.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Password Stealing Linux Malware Served For 3 Years And No One Noticed\",\"datePublished\":\"2023-09-13T15:31:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\\\/\"},\"wordCount\":702,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/09\\\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed.jpg\",\"keywords\":[\"headline,hacker,malware,linux,password,backdoor\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\\\/\",\"name\":\"Password Stealing Linux Malware Served For 3 Years And No One Noticed 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/09\\\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed.jpg\",\"datePublished\":\"2023-09-13T15:31:06+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/09\\\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/09\\\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed.jpg\",\"width\":800,\"height\":522},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware,linux,password,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalwarelinuxpasswordbackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Password Stealing Linux Malware Served For 3 Years And No One Noticed\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Password Stealing Linux Malware Served For 3 Years And No One Noticed 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/","og_locale":"en_US","og_type":"article","og_title":"Password Stealing Linux Malware Served For 3 Years And No One Noticed 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-09-13T15:31:06+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/06\/getty-digital-trojan-horse-800x522.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Password Stealing Linux Malware Served For 3 Years And No One Noticed","datePublished":"2023-09-13T15:31:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/"},"wordCount":702,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/09\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed.jpg","keywords":["headline,hacker,malware,linux,password,backdoor"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/","url":"https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/","name":"Password Stealing Linux Malware Served For 3 Years And No One Noticed 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/09\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed.jpg","datePublished":"2023-09-13T15:31:06+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/09\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/09\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed.jpg","width":800,"height":522},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware,linux,password,backdoor","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalwarelinuxpasswordbackdoor\/"},{"@type":"ListItem","position":3,"name":"Password Stealing Linux Malware Served For 3 Years And No One Noticed"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53663","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=53663"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53663\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/53664"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=53663"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=53663"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=53663"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}