2020 Threat Report: Linux Threats

Three Linux Threats


Mirai is a malware botnet based on the Linux platform. It compromises Internet of Things (IoT) devices in order to conduct large-scale distributed denial of service (DDoS) attacks. First identified in August 2016, Mirai has been leveraged in some of the most prolific DDoS attacks in the world. Two notable examples are the assault on Brian Krebs’ website and the Dyn attack on DNS servers, affecting millions of endpoints.


Setag is a Linux-based malware variant that installs a backdoor, usually after being downloaded by unwitting users visiting a malicious site or via other malware variants. Once installed on a host, Setag drops various configuration files, including a list of IP addresses used to facilitate distributed denial of service (DDoS) attacks, and may give attackers the ability to control, scrape, and exfiltrate sensitive information.



Gafgyt is a variant of a competing botnet, JenX. First discovered in 2014, Gafgyt has been updated to use remote code execution exploits to gain access and recruit routers into its IoT botnet. Gafgyt specifically targets gaming servers with distributed denial of service (DDoS) attacks. The malware also targets small organizations and home-based wireless routers, including models from Zyxel, Huawei, and Realtek.

Get the Whole Story

For information on other noteworthy 2019 Linux threats and suggestions for mitigating risks associated with these threats, download the full BlackBerry® 2020 Threat Report.

Want to learn more about the cross-platform APT espionage attacks that targeted mobile devices while remaining undetected for nearly a decade? Download our Decade of the RATs: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android research report.
