400,000 Linux Servers Hit by Ebury Botnet

The Ebury Linux botnet, initially discovered in 2014 with 25,000 infected systems, has persisted and expanded over the past decade, reaching approximately 100,000 infected systems by the end of 2023, according to a report by ESET. Despite a takedown attempt and the sentencing of one of its operators, Maxim Senakh, the botnet has continued to evolve, with constant updates and estimated infections of over 400,000 hosts since 2009. Primarily targeting servers, particularly those of hosting providers, Ebury abuses compromised systems for financial gain, intercepting SSH traffic to capture login credentials and targeting Tor exit nodes, Bitcoin, and Ethereum nodes to steal cryptocurrency wallets. The botnet’s operators employ various tactics, including zero-day exploits, root privilege escalation, credential stuffing, and SSH adversary-in-the-middle attacks, to compromise

Read more: https://www.securityweek.com/400000-linux-servers-hit-by-ebury-botnet/