It already is pretty rampant; however, most Linux admins have minimal, if any, detection strategy.
Additionally, while there’s plenty of binaries about like VoidLink, almost all campaigns against Linux hosts target SSH or RCE vulnerabilities, and deliver shell scripts that orchestrate the attack.
Why compile a binary when the shell has everything you need? The threat models are pretty different between Windows and the *nix world.
When you look at botnet composition, they’re usually made up of outdated Linux hosts with SSH open with password-based authentication.
Seriously people, switch to key-based auth and disable password auth entirely.
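To check whether that advice actually took effect in a config file, here is an added example (not part of the original comment) in POSIX shell: it applies sshd_config's first-match-wins rule, where a later duplicate keyword or a line inside a Match block does not change the global value, so a `PasswordAuthentication no` appended below an earlier `yes` is silently ignored. The two sample configs are constructed for the demo; it does not follow `Include` lines, so on a live host `sshd -T` remains the authoritative check.

```shell
#!/bin/sh
# Added example: what sshd would actually apply for a keyword in a config file.
# Assumed sshd_config semantics: keywords are case-insensitive, the FIRST
# occurrence of a keyword wins, and everything after a "Match" line belongs to
# that block (until the next Match), so it is not a global setting.
# Limitation: "Include" directives are not followed.
effective_value() {  # usage: effective_value <keyword> <config-file>
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                  # strip trailing comments
        NF == 0 { next }                    # skip blank lines
        tolower($1) == "match" { inmatch = 1; next }
        inmatch { next }                    # inside a Match block: not global
        tolower($1) == key && !found { print tolower($2); found = 1 }
        END { if (!found) print "unset" }   # sshd default applies (yes for both auth keywords)
    ' "$2"
}

# Returns 0 only when password auth is genuinely off; "unset" means the default (yes).
password_auth_disabled() {
    v=$(effective_value PasswordAuthentication "$1")
    [ "$v" = "no" ]
}

# Constructed samples: a "fixed" config that is not fixed, and a hardened one.
weak=$(mktemp); hardened=$(mktemp)
trap 'rm -f "$weak" "$hardened"' EXIT
cat >"$weak" <<'EOF'
PasswordAuthentication yes
PasswordAuthentication no    # appended later; sshd keeps the first value above
Match User backup
    PasswordAuthentication no  # only for user backup, never global
EOF
cat >"$hardened" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
EOF

for f in "$weak" "$hardened"; do
    if password_auth_disabled "$f"; then
        echo "$f: password auth disabled"
    else
        echo "$f: password auth STILL ENABLED (effective: $(effective_value PasswordAuthentication "$f"))"
    fi
done
```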