Article Index

Linux Malware: The Truth About This Growing Threat [Updated] - A Brief History of Linux Malware

A Brief History of Linux Malware

The increasing prevalence of Linux malware in recent years arguably creates the illusion of a new threat targeting Linux systems; however, in reality, Linux malware has been around for quite some time. The first piece of Linux malware - dubbed Stoag - was identified in 1996. Staog was a basic virus that attempted to gain root access by attaching itself to running executables, but did not spread very successfully and was rapidly patched. 

Stoag made its claim to fame as the first piece of Linux malware, but Bliss - recognized in 1997 - was the first Linux malware variant to grab headlines. Similar to Stoag, Bliss was a fairly mild infection. It attempted to grab permissions via compromised executables, and could be deactivated with a simple shell switch.

Guardian Digital CEO and founder Dave Wreski comments on the evolution of Linux malware, “Over the years, malware targeting Linux systems has become both more sophisticated and more common; however, up until fairly recently Linux malware was still relatively scarce and primitive compared to the variants that threatened proprietary operating systems. As of 2018, there had not yet been a single widespread Linux malware attack or virus comparable to those that frequently target Microsoft Windows - which can be attributed to a lack of root access and rapid updates to the majority of Linux vulnerabilities.” Unfortunately for Linux users, that era has come to an end. The threat landscape on Linux has remodeled over the past two years to become significantly more complex and dangerous.