Case Study: Distribution of a CoinMiner Targeting Linux SSH Servers via Malware Distribution via Network Transmission
The AhnLab SEcurity intelligence Center (ASEC) is monitoring attacks targeting poorly managed Linux servers using multiple honeypots. Recently, ASEC identified cases where malware with propagation capabilities was used to install the XMRig CoinMiner. In these attack cases, malware such as ShellBot, MIG LogCleaner, and XHide were used. The threat
Statistical Report on Malware Targeting Linux SSH Servers in the Second Quarter of 2026
Content In the second quarter of 2026, the AhnLab SEcurity intelligence Center (ASEC) collected and analyzed attack logs targeting poorly managed Linux SSH servers through honeypots. The scope of the analysis covers attack sources that progressed to executing actual malware installation commands, as well as statistics on the malware used

