Wormable Panchan Peer-to-Peer Botnet Harvests Linux Server Keys
The Japanese-language Panchan botnet has been discovered stealing SSH keys from Linux servers across Asia, Europe, and North America, with a focus on telecom and education providers.
Linux is an open-source operating system used across servers and devices, so kernel, distribution, and software vulnerabilities can affect deployed systems.
Search across headline titles and summaries.
Background for this topic.
Linux is an open-source operating-system kernel: privileged software that manages hardware, memory, processes, filesystems, and networking. Most deployments use it through a distribution that adds user-space tools, package managers, libraries, and an update policy. This distinction matters in security reporting: a kernel flaw, a distribution-package flaw, and a flaw in an application running on Linux may have different affected versions and fixes.
Material attack surfaces include kernel code, loadable modules and device drivers, network services, local privilege boundaries, and third-party packages. Vulnerabilities can enable denial of service, information disclosure, or escalation from an unprivileged account to root, depending on configuration and exploitability. Administrators should track upstream and distribution advisories, apply security updates, and reboot when a running kernel remains vulnerable. Mandatory access-control systems such as SELinux or AppArmor can restrict compromised processes; signed repositories, audit logs, and tested configuration baselines support package integrity and investigation. Open source does not itself guarantee security: exposure depends on code, configuration, maintenance, and the surrounding software stack.
The Japanese-language Panchan botnet has been discovered stealing SSH keys from Linux servers across Asia, Europe, and North America, with a focus on telecom and education providers.
A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022
A new peer-to-peer botnet named Panchan appeared in the wild around March 2022, targeting Linux servers in the education sector to mine cryptocurrency. [...]
The malware can cloak a malicious payload that could be remotely controlled by an adversary
The backdoor allowed attackers to upload and download files, execute commands and remove their footprint
Symbiote, discovered in November, parasitically infects running processes so it can steal credentials, gain rootlkit functionality and install a backdoor for remote access.
A new covert Linux kernel rootkit named Syslogk has been spotted under development in the wild and cloaking a malicious payload that can be remotely commandeered by an adversary using a magic network traffic packet
Russian-based group doubles the extortion by exfiltrating the corporate data before encrypting it. Windows and Linux systems are coming under attack by new variants of the HelloXD ransomware that includes stronger encryption, improved obfuscation and an additional payload that enables threat groups to modify compromised systems, exfiltrate files and execute commands.…
A new rootkit malware named 'Syslogk' has been spotted in the wild, and it features advanced process and file hiding techniques that make detection highly unlikely. [...]
Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts