SSHStalker botnet uses IRC to target Linux servers

A new Linux botnet named SSHStalker is exploiting cloud servers for profit by employing the ancient IRC protocol. It targets Linux servers through automated scans, cron jobs, and IRC communications. The operation revives old-school methods to cut costs, as reported by TechRadar.

The SSHStalker botnet has emerged as a threat to Linux servers, particularly those in cloud environments. According to TechRadar, this malware leverages the Internet Relay Chat (IRC) protocol, a technology dating back decades, to coordinate its activities and reduce operational expenses.

SSHStalker initiates infections via automated scans that identify vulnerable Linux servers. Once access is gained, it deploys cron jobs to schedule tasks and maintain persistence. The botnet's command-and-control structure relies on IRC channels, allowing operators to issue commands efficiently without modern, more detectable infrastructure.

This approach highlights a return to basic networking tools in cybercrime, exploiting the familiarity and low cost of IRC. TechRadar's coverage, published on February 14, 2026, describes how SSHStalker aims to generate profit, likely through cryptocurrency mining or other illicit means on compromised cloud resources.

Security experts note that such botnets underscore the ongoing risks to unsecured servers, but specific details on the scale of infections or affected regions remain undisclosed in the report.
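The two host-side behaviours described above, cron persistence and IRC command-and-control, can be triaged with a short script. This is an added example, not code from TechRadar or the researchers. It assumes the conventional IRC port range and treats cron jobs that run from world-writable directories as a review heuristic; all sample data is constructed.

```python
import re

# Conventional IRC ports (6660-6669 plaintext, 6697 TLS); general knowledge, not from the report.
IRC_PORTS = set(range(6660, 6670)) | {6697}
# World-writable directories; flagging cron jobs that run from them is a heuristic assumption.
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Constructed `ss -tnp` output (documentation-range addresses, made-up process names).
SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.0.0.5:22 198.51.100.20:51514 users:(("sshd",pid=900,fd=4))
ESTAB 0 0 10.0.0.5:48212 203.0.113.7:6667 users:(("update",pid=2211,fd=3))
SYN-SENT 0 1 10.0.0.5:48300 203.0.113.9:6697 users:(("update",pid=2211,fd=5))
"""
# Constructed user crontab.
SAMPLE_CRON = """\
MAILTO=root
# nightly backup
30 2 * * * /usr/local/bin/backup.sh
* * * * * /dev/shm/.x/update >/dev/null 2>&1
"""

def irc_connections(ss_output):
    """Return (process, peer) for established TCP sessions whose peer port is an IRC port."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header line or a session that is not established
        peer = fields[4]
        port = peer.rpartition(":")[2]
        if port.isdigit() and int(port) in IRC_PORTS:
            proc = re.search(r'users:\(\("([^"]+)"', line)
            hits.append((proc.group(1) if proc else "?", peer))
    return hits

def suspicious_cron(crontab_text):
    """Return commands of crontab entries that execute from a world-writable directory."""
    hits = []
    for line in crontab_text.splitlines():
        parts = line.strip().split(None, 5)
        if len(parts) < 6 or parts[0].startswith("#"):
            continue  # comment, blank line, environment assignment, or malformed entry
        if any(d in parts[5] for d in WRITABLE_DIRS):
            hits.append(parts[5])
    return hits

if __name__ == "__main__":
    print(irc_connections(SAMPLE_SS), suspicious_cron(SAMPLE_CRON))
```

A port match is only a lead: IRC servers can listen on any port, so a hit or a miss here should be confirmed against the process binary and its parent.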

Related articles


Researchers discover SSHStalker botnet infecting Linux servers


Flare researchers have identified a new Linux botnet called SSHStalker that has compromised around 7,000 systems using outdated exploits and SSH scanning. The botnet employs IRC for command-and-control while maintaining dormant persistence without immediate malicious activities like DDoS or cryptomining. It targets legacy Linux kernels, highlighting risks in neglected infrastructure.

Researchers have identified a new Linux botnet called SSHStalker that relies on the outdated IRC protocol for its command-and-control operations. The botnet spreads through SSH scanning and brute-forcing, targeting cloud infrastructure. It incorporates old vulnerabilities and persistence mechanisms for broad infection.


Cyble Research and Intelligence Labs has revealed ShadowHS, a sophisticated fileless framework for post-exploitation on Linux systems. The tool enables stealthy, in-memory operations and long-term access for attackers. It features a weaponized version of hackshell and advanced evasion techniques.

A new variant of the SysUpdate malware has been discovered targeting Linux systems, featuring advanced encryption for command-and-control communications. Security researchers at LevelBlue identified the threat during a digital forensics engagement and developed a tool to decrypt its traffic. The malware disguises itself as a legitimate system service to evade detection.


OpenClaw, an open-source AI project formerly known as Moltbot and Clawdbot, has surged to over 100,000 GitHub stars in less than a week. This execution engine enables AI agents to perform actions like sending emails and managing calendars on users' behalf within chat interfaces. Its rise highlights potential to simplify crypto usability while raising security concerns.

Daniel Stenberg, creator of the widely used curl program, draws parallels between his project and a cyberattack that nearly succeeded two years ago. In an interview in Huddinge, he stresses the importance of trust in open-source software underpinning the internet. An expert warns he could theoretically shut down half the internet.


The cURL project, a key open-source networking tool, is ending its vulnerability reward program after a flood of low-quality, AI-generated reports overwhelmed its small team. Founder Daniel Stenberg cited the need to protect maintainers' mental health amid the onslaught. The decision takes effect at the end of January 2026.

 

 

 
