SSHStalker botnet uses IRC to target Linux servers

A new Linux botnet named SSHStalker is exploiting cloud servers for profit by employing the ancient IRC protocol. It targets Linux servers through automated scans, cron jobs, and IRC communications. The operation revives old-school methods to cut costs, as reported by TechRadar.

The SSHStalker botnet has emerged as a threat to Linux servers, particularly those in cloud environments. According to TechRadar, this malware leverages the Internet Relay Chat (IRC) protocol, a technology dating back decades, to coordinate its activities and reduce operational expenses.

SSHStalker initiates infections via automated scans that identify vulnerable Linux servers. Once access is gained, it deploys cron jobs to schedule tasks and maintain persistence. The botnet's command-and-control structure relies on IRC channels, allowing operators to issue commands efficiently without modern, more detectable infrastructure.
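A defender's triage sketch for the two behaviours described above, cron persistence and IRC command-and-control, added here as an example and not taken from the TechRadar report. The heuristics, function names and sample data are constructed assumptions, since the report lists no SSHStalker indicators.

```python
# Generic triage heuristics (assumptions; the report lists no SSHStalker indicators).
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

def suspicious_cron(lines):
    """Flag cron entries that start something from a world-writable
    directory every minute or at boot, a common persistence shape."""
    hits = []
    for raw in lines:
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "@reboot":
            frequent, head = True, fields[1:3]
        elif len(fields) >= 6:
            # fields[5:7] covers user crontabs and /etc/crontab (extra user column)
            frequent, head = fields[0] in ("*", "*/1"), fields[5:7]
        else:
            continue  # variable assignment or malformed line
        if frequent and any(tok.startswith(WRITABLE_DIRS) for tok in head):
            hits.append(raw.strip())
    return hits

def irc_registration(payload: bytes):
    """Recognise an IRC client registration (NICK plus USER) at the start of an
    outbound TCP stream, whatever the port. Returns nick and channels, or None."""
    seen, channels = {}, []
    for msg in payload.decode("latin-1").split("\r\n"):
        parts = msg.split()
        if len(parts) < 2:
            continue
        cmd = parts[0].upper()
        if cmd in ("NICK", "USER"):
            seen[cmd] = parts[1]
        elif cmd == "JOIN":
            channels += parts[1].split(",")
    if "NICK" in seen and "USER" in seen:
        return {"nick": seen["NICK"], "channels": channels}
    return None

# Constructed sample input, not captured from a real host.
CRON_SAMPLE = [
    "# m h dom mon dow command",
    "PATH=/usr/bin:/bin",
    "17 3 * * * /usr/sbin/logrotate /etc/logrotate.conf",
    "* * * * * /dev/shm/.cache/update >/dev/null 2>&1",
    "@reboot /var/tmp/.x/run.sh",
]
IRC_STREAM = b"NICK host-4821\r\nUSER host 0 * :host\r\nJOIN #example-channel\r\n"
HTTP_STREAM = b"GET / HTTP/1.1\r\nHost: example.org\r\nUser-Agent: curl\r\n\r\n"
```

The stream check only sees plaintext IRC; a TLS-wrapped session has to be caught from flow metadata instead.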

This approach highlights a return to basic networking tools in cybercrime, exploiting the familiarity and low cost of IRC. TechRadar's coverage, published on February 14, 2026, describes how SSHStalker aims to generate profit, likely through cryptocurrency mining or other illicit means on compromised cloud resources.

Security experts note that such botnets underscore the ongoing risks to unsecured servers, but specific details on the scale of infections or affected regions remain undisclosed in the report.

