La botnet SSHStalker usa IRC para atacar servidores Linux

Español

Una nueva botnet de Linux llamada SSHStalker explota servidores en la nube para obtener beneficios mediante el antiguo protocolo IRC. Apunta a servidores Linux a través de escaneos automatizados, trabajos cron y comunicaciones IRC. La operación revive métodos de la vieja escuela para reducir costos, según informa TechRadar.

La botnet SSHStalker ha surgido como una amenaza para los servidores Linux, particularmente aquellos en entornos de nube. Según TechRadar, este malware aprovecha el protocolo de Internet Relay Chat (IRC), una tecnología de décadas de antigüedad, para coordinar sus actividades y reducir los gastos operativos. SSHStalker inicia las infecciones mediante escaneos automatizados que identifican servidores Linux vulnerables. Una vez obtenido el acceso, despliega trabajos cron para programar tareas y mantener la persistencia. La estructura de mando y control de la botnet se basa en canales IRC, lo que permite a los operadores emitir comandos de manera eficiente sin necesidad de infraestructura moderna más detectable. Este enfoque resalta un retorno a herramientas básicas de redes en el cibercrimen, explotando la familiaridad y el bajo costo del IRC. La cobertura de TechRadar, publicada el 14 de febrero de 2026, describe cómo SSHStalker busca generar beneficios, probablemente a través de minería de criptomonedas u otros medios ilícitos en recursos de nube comprometidos. Los expertos en seguridad señalan que tales botnets subrayan los riesgos continuos para servidores no asegurados, pero los detalles específicos sobre la escala de las infecciones o las regiones afectadas no se divulgan en el informe.

Artículos relacionados

Dramatic server room scene illustrating the SSHStalker Linux botnet infecting thousands of vulnerable servers via SSH exploits.
Imagen generada por IA

Researchers discover SSHStalker botnet infecting Linux servers

Reportado por IA Imagen generada por IA

Flare researchers have identified a new Linux botnet called SSHStalker that has compromised around 7,000 systems using outdated exploits and SSH scanning. The botnet employs IRC for command-and-control while maintaining dormant persistence without immediate malicious activities like DDoS or cryptomining. It targets legacy Linux kernels, highlighting risks in neglected infrastructure.

New Linux botnet SSHStalker uses IRC for command-and-control

Researchers have identified a new Linux botnet called SSHStalker that relies on the outdated IRC protocol for its command-and-control operations. The botnet spreads through SSH scanning and brute-forcing, targeting cloud infrastructure. It incorporates old vulnerabilities and persistence mechanisms for broad infection.

Researchers uncover ShadowHS Linux exploitation framework

Reportado por IA

Cyble Research and Intelligence Labs has revealed ShadowHS, a sophisticated fileless framework for post-exploitation on Linux systems. The tool enables stealthy, in-memory operations and long-term access for attackers. It features a weaponized version of hackshell and advanced evasion techniques.

Tecnología

Russian hackers exploit Microsoft Office vulnerability days after patch

Linux

Linux rootkits advance with eBPF and io_uring techniques

Linux

New SysUpdate malware variant targets Linux systems

OpenClaw gains rapid traction as AI execution engine for crypto

OpenClaw, an open-source AI project formerly known as Moltbot and Clawdbot, has surged to over 100,000 GitHub stars in less than a week. This execution engine enables AI agents to perform actions like sending emails and managing calendars on users' behalf within chat interfaces. Its rise highlights potential to simplify crypto usability while raising security concerns.

Attackers hijack Linux Snap Store apps to steal crypto phrases

Reportado por IA

Cybercriminals have compromised trusted Linux applications on the Snap Store by seizing expired domains, allowing them to push malware that steals cryptocurrency recovery phrases. Security experts from SlowMist and Ubuntu contributor Alan Pope highlighted the attack, which targets established publisher accounts to distribute malicious updates impersonating popular wallets. Canonical has removed the affected snaps, but calls for stronger safeguards persist.

cURL scraps bug bounties due to AI-generated slop

The cURL project, a key open-source networking tool, is ending its vulnerability reward program after a flood of low-quality, AI-generated reports overwhelmed its small team. Founder Daniel Stenberg cited the need to protect maintainers' mental health amid the onslaught. The decision takes effect at the end of January 2026.

Malicious npm packages harvest crypto keys and secrets

Reportado por IA

Nineteen malicious packages on the npm registry are spreading a worm known as SANDWORM_MODE. These packages steal crypto keys, CI secrets, API tokens, and AI API keys. The theft occurs through MCP injection.

4 de abril de 2026 14:25

Daniel Stenberg warns of risks in curl project

18 de marzo de 2026 03:20

Infostealers Disguised as Claude Code, OpenClaw, and Other AI Tools

12 de marzo de 2026 22:40

US and Europe disrupt SocksEscort proxy network

11 de marzo de 2026 14:00

Google report warns of shifting cloud threat landscape

11 de marzo de 2026 11:04

Chinese cybersecurity agency warns of OpenClaw AI risks

11 de marzo de 2026 07:15

14,000 Asus routers infected by takedown-resistant KadNap malware

26 de febrero de 2026 01:40

The hacker news publishes weekly threatsday bulletin

19 de febrero de 2026 13:36

Researchers uncover new SysUpdate malware variant targeting Linux

17 de febrero de 2026 10:18

OpenClaw AI agents targeted by infostealer malware for first time

30 de enero de 2026 22:28

OpenClaw AI assistant endures viral fame and rebrands amid chaos

 

 

 

Este sitio web utiliza cookies

Utilizamos cookies para análisis con el fin de mejorar nuestro sitio. Lee nuestra política de privacidad para más información.
Rechazar