Cloud Computing Makes Linux an Easy Target for Hackers

Few people would have a problem saying that Linux is more secure than Windows. But Linux is not immune to malware. According to a new security report, hackers are paying more attention to Linux as the move to cloud computing continues.

The findings come from Intezer Labs (via ZDNet), which in a security report highlighted an active botnet campaign affecting cloud servers running Linux. "Linux threats are becoming more common. This is due in part to the growing migration to and reliance on cloud environments, most of which are based on Linux infrastructures. Therefore, attackers are adapting accordingly, using new tools and techniques specifically designed for this infrastructure," noted Intezer Labs.

This observation follows the discovery of a new strain of malware called Doki, so named because it targets Docker servers on AWS, Azure, and other cloud platforms. According to the report, of the 60 malware detection engines registered with VirusTotal, not a single one has caught Doki on its radar since it was first analyzed on January 14, 2020.

This is both surprising and disturbing because VirusTotal is owned by a subsidiary of Google's parent company, Alphabet, and anyone can upload a file and have it scrutinized by dozens of virus engines to see if it is potentially malicious. It is a useful tool that I used many times, especially when I was doing my annual antivirus roundups for Maximum PC.

Other threats like Doki may already exist. If not, they may appear in the near future.

Attackers scan publicly accessible Docker servers and exploit them to set up their own containers to run malware on the victim's infrastructure.
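For defenders, the exposure described above can be checked in a Docker daemon configuration. The following Python check is an added example, not code from the article or from Intezer Labs' report; it assumes the exposure is the Docker Engine API listening on TCP and that listeners are set in `daemon.json` (listeners passed as `dockerd -H` flags are not covered), and the function name and sample configurations are constructed for illustration.

```python
import json
from urllib.parse import urlparse

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_daemon_config(daemon_json):
    """Return (severity, listener, reason) for each risky TCP listener."""
    cfg = json.loads(daemon_json)
    client_auth = cfg.get("tlsverify") is True  # client certificates required
    encrypted = client_auth or cfg.get("tls") is True
    findings = []
    for listener in cfg.get("hosts", []):
        url = urlparse(listener)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// listeners are not network sockets
        if client_auth:
            continue  # mutual TLS: only clients with a CA-signed cert connect
        # Assumption: an empty host is treated as non-loopback, to be safe.
        remote = (url.hostname or "") not in LOOPBACK
        if remote and not encrypted:
            reason = "plaintext, unauthenticated API on a non-loopback address"
            findings.append(("CRITICAL", listener, reason))
        elif remote:
            reason = "TLS without client verification, any client may connect"
            findings.append(("HIGH", listener, reason))
        else:
            reason = "unauthenticated API on loopback, open to local processes"
            findings.append(("MEDIUM", listener, reason))
    return findings

# Constructed sample configurations (not taken from any real host).
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
TLS_ONLY = '{"hosts": ["tcp://0.0.0.0:2376"], "tls": true}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    for name, sample in [("exposed", EXPOSED), ("tls-only", TLS_ONLY), ("hardened", HARDENED)]:
        print(name, audit_daemon_config(sample))
```
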

Doki is essentially a backdoor Trojan that infiltrates Linux servers to steal resources for cryptocurrency mining. However, according to Intezer Labs, the payload of this malware is different from the standard cryptocurrency miners deployed in this type of attack.

"Doki uses a previously undocumented method to contact its operators by exploiting the Dogecoin cryptocurrency blockchain in a unique way to dynamically generate C2 domain addresses. The malware has been incubating for more than six months, despite the fact that samples have been published on VirusTotal."

Fortunately, this malware is likely to be more of a nuisance to corporate environments than to home users. In other words, if you've been thinking about switching your gaming PC to Linux, don't let this problem stop you.
