Linux Malware Rates Rise to Record Levels Amid Hacker Inconsistency

malware alert on computer screen
New Linux malware hit record highs in 2022 as hackers targeted the growing number of devices and servers that run on Linux operating systems.

After rising and falling since 2021, new Linux malware hit record highs at year-end in 2022, growing by 117% over previous levels.

While Linux malware reached never-before-seen numbers in 2022, the total number of new malware developments among other major computing platforms fell.

Linux is regarded as one of the most secure operating systems. But its roller coaster ride of detected incidents since 2021 shows it is not immune to malware.

Malware attacks targeting Linux are not new. What is changing, though, is the focus cybercriminals now place on Linux in business and industry. Linux malware has become increasingly prevalent in recent years as more devices and servers run on Linux operating systems.

The new malware numbers, based on an analysis by researchers at Atlas VPN, show that the Linux threat landscape is evolving, warned the report’s writers. It shows attackers increasingly see Linux as another worthwhile target.

“Linux users need to be aware of the growing risks, as prioritizing system security is more important than ever,” they concluded.

Report Details

According to data analysis the Atlas VPN team released on Jan. 18, new Linux malware threats hit record numbers in 2022, increasing by 50% to 1.9 million.

Compared to 2021, when 121.6 million samples were detected, new malware numbers overall dropped by 39% to 73.7 million in 2022. Most new Linux malware samples (854,690) were seen in the first quarter of 2022. But in the second quarter, new malware samples dropped by almost 3% to 833,065.


Those Linux detection numbers plummeted again in the third quarter of last year by a staggering 91% to 75,841. But they picked up again in the fourth quarter of 2022, growing by 117% to 164,697.

The Linux malware analysis is based on threat statistics from AV-Atlas, a threat intelligence platform from AV-Test GmbH, an independent research institute for IT security in Germany.

Malware by the Numbers

The research shows that Malware on all computing platforms is on the decline. But despite the reduction in detected new incidents, malware attacks against the Linux OS drastically increased.

The Android platform saw the most significant fall in newly-programmed malware by 68%. It fell from 3.4 million in 2021 to 1.1 million in 2022.

Despite being the most targeted operating system, Microsoft Windows ranked second in the decreased number of new malware threats, with a 40% decline. It dropped from 116.95 million malware detections in 2021 to 70.7 million last year.

New malware detections on the macOS platform plunged by 26% from 17,061 in 2021 to 12,584 in 2022.


All factors considered, Linux is still a highly secure operating system, noted the analysis report. Researchers credited that assessment to Linux and its open-source software’s penchant for allowing constant review by the tech community.

That “many eyes” philosophy leads to fewer exploitable security vulnerabilities. Also, Linux limits administrative privileges for users.

Cyber Vigilance Encouraged for All Users

Even though much of the enterprise business use of Linux involves cloud computing and servers, another recent report warns that consumers, in general, on all computing platforms face new threats from emerging technologies.

A ReasonLabs report just released, The State of Consumer Cybersecurity 2023, cited growing concerns over new threats born out of emerging technologies such as virtual or mixed reality.

“To protect themselves and their families against both existing and emerging threats, home users should educate themselves about potential dangers and utilize cyber protection solutions such as next-gen antivirus software, a VPN, a DNS filter, and parental control apps across their digital devices,” said ReasonLabs CEO and co-founder Kobi Kalif.

As businesses improve their cybersecurity practices, attackers are increasingly focusing on home users, according to ReasonLabs. The proliferation of remote and hybrid work has made it easier for attackers to access corporate networks through employees’ home networks.

Why Linux Malware Attacks are Shifting

Linux malware first appeared in 1996 as a basic virus. Attackers tried to gain root access by attaching code to running executables.

That early attempt failed to spread. In part, IT and system admins succeeded in rapidly patching to safeguard their Linux installations against malware attacks.

Hackers concentrated on loading malware onto computer systems more accessible to their rogue code. That is no longer the case.

Today, attackers see Linux servers as a valuable target for a higher return on investment. Over the last two years, Linux malware has become more complex and dangerous, according to cybersecurity experts.

Now the cadre of malware targeting Linux systems includes tools such as Cloud Snooper, EvilGnome, HiddenWasp, QNAPCrypt, GonnaCry, FBOT, and Tycoon.

It is not surprising that Linux-related malware attacks have experienced fluctuating rates, offered Mark N. Vena, CEO and principal analyst at SmartTech Research.

“While Linux does indeed have a reputation for being formidable from malware attacks, the fact of the matter is that bad actors have limited resources and were much more likely to attack Windows primarily, macOS, and smartphones [iOS/Android] because there is much more upside from a sheer volume standpoint,” Vena told LinuxInsider.

At a market level, he acknowledged that the Atlas VPN report also indicated that malware attacks across most platforms, especially Windows, decreased.

“That is a sign that enterprise companies using Windows are doing a much better job in incorporating VPN and security solutions that are succeeding in mitigating some of these requests,” Vena said.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

1 Comment

  • Why steal $100 dollars from a personal account when you can steal $1 million from a business or bank? Going after servers makes sense to criminals.

    I can wipe my hard drive and be up and running again in less then 30 minutes, I keep backups, businesses don’t have that luxury even if they back up, it can take days to weeks.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

LinuxInsider Channels