BPFDoor is a highly evasive surveillance tool using the Berkeley Packet Filter (BPF). It is allegedly attributed to Chinese threat actors. It is assumed to be deployed on thousands of Linux systems, its controller has gone almost completely unnoticed by endpoint protection vendors despite it being in use for at least five years.
AcidRain is an ELF MIPS malware designed to wipe modems and routers. It is designed to brute-force device file names and wipe every file it can find, making it easy to redeploy in future attacks.
B1txor20 is assembling its army of bot on Linux machines. It is exploiting the Log4j vulnerable systems to gain access and maintain foothold.
Lockbit Linux ESXi Ransomware uses a combination of Advanced Encryption Standard (AES) and elliptic curve cryptography (ECC) algorithms for data encryption. This variant could have a big impact on victim organizations because of how ESXi, VMware’s hypervisor helps in managing servers.
AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines.