Significantly increased XorDDoS malware activity reported

BleepingComputer reports that malware activity from the stealthy Linux trojan XorDDoS has spiked by 254% over the past six months. Numerous evasion and persistence methods leveraged by XorDDoS including malware activity obfuscation, rule-based detection bypass, and anti-forensic tactics have ensured the continued success of XorDDoS, which was discovered to be active since 2014, according to a Microsoft report. Malware operators have not only leveraged XorDDoS to launch distributed denial-of-service attacks against Linux devices but also facilitate rootkit deployment, compromised device access persistence, and additional payload delivery. The report showed that XorDDoS-infected devices have been impacted by the Tsunami backdoor, which triggers XMRig cryptominer distribution. "While we did not observe XorDdos directly installing and distributing secondary payloads like Tsunami, it's possible that the trojan is leveraged as a vector for follow-on activities," said Microsoft. The findings come after CrowdStrike had reported a 35% increase in Linux malware in 2021, compared with 2020.