Wednesday , July 1 2026
LINUX

ALERT
Hackers Using Supershell Malware Targeting Linux SSH Servers

Researchers found an attack targeting poorly secured Linux SSH servers using Supershell, a backdoor written in Go that gives attackers remote control of affected systems.

After the initial infection, attackers likely used scanners to find more vulnerable targets and launched dictionary attacks with credentials collected from the compromised systems.

Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising...
Read More
Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Chrome Update Patches 382 Vulnerabilities, Including 15 Critical

Chrome 151 has a new update that fixes 382 security problems. This includes 15 critical issues that could allow attackers...
Read More
Chrome Update Patches 382 Vulnerabilities, Including 15 Critical

Apple fixes more than 30 iOS, macOS, and Safari flaws

Apple released security updates on Monday for iOS, macOS, and Safari. These updates fix more than thirty issues, including four...
Read More
Apple fixes more than 30 iOS, macOS, and Safari flaws

Attackers exploit critical flaw in Oracle E-Business

Attackers are now using a flaw (called CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial app, according to the security...
Read More
Attackers exploit critical flaw in Oracle E-Business

WhatsApp to allow usernames instead of phone numbers

WhatsApp is about to release a big update that may change how people communicate on the app. Soon, users can...
Read More
WhatsApp to allow usernames instead of phone numbers

Linux Unveils New Open Source Security Project “Akrites” For (OSS) Ecosystem

The Linux Foundation said on Thursday that they are starting a new project to fix flaws in open source software...
Read More
Linux Unveils New Open Source Security Project “Akrites” For (OSS) Ecosystem

Data breach affects 14.2 million email logins across six ISPs

KDDI Corporation, a Japanese telecom company, revealed a data breach. Hackers got into one of its email systems that five...
Read More
Data breach affects 14.2 million email logins across six ISPs

Asian Two AI startups launch Mythos-like Model

Two Asian AI companies have released new models this week that compete with Anthropic’s recently limited Mythos and Fable models,...
Read More
Asian Two AI startups launch Mythos-like Model

Polymarket Hack Reportedly Results in $3 Million Theft

Polymarket is a platform for prediction markets using cryptocurrency. It lets users bet on what might happen in real-life events...
Read More
Polymarket Hack Reportedly Results in $3 Million Theft

Anthropic Confirms US Infrastructure Redeployment of Claude Mythos 5

Anthropic said that Claude Mythos 5, its strongest AI security model, will be sent back to some U.S. orgs that...
Read More
Anthropic Confirms US Infrastructure Redeployment of Claude Mythos 5

The data shows a list of IP addresses used by threat actors along with root credentials, including common passwords such as “root/password” and “root/123456789.” Attackers often use these to access vulnerable systems.

The attacker used different methods to download and run harmful scripts after breaching a system. An attacker used wget, curl, tftp, and ftpget to download scripts from various sources, such as web servers and FTP servers, including non-standard ports.

The attacker ran downloaded scripts using shell commands, gaining remote access and possibly installing more malware. They also tried to cover their tracks by deleting the scripts and other related files.

  GitHub page of Supershell

An attacker installed the disguised Supershell backdoor on a poorly managed Linux system, allowing them remote control, as indicated by its internal strings, behavior, and logs.

The main goal appears to be taking control of the system, but the attacker might also want to install a cryptocurrency miner, like XMRig, to exploit system resources for personal gain. This fits typical attack patterns targeting weak Linux systems.

Threat actors are taking advantage of insecure Linux SSH servers by installing the Supershell backdoor, allowing remote control of affected systems and leading to data theft and other malicious actions.

ASEC recommends that administrators focus on strong password practices, regular updates, and effective security measures like firewalls to mitigate this threat.

Keeping V3 updated is essential to prevent malware infections. These countermeasures can greatly reduce the risk of Supershell attacks for organizations.

The detected malware includes a Cobalt Strike backdoor, a shell agent downloader, and an ElfMiner downloader, identified as Backdoor/Linux.CobaltStrike.3753120, likely used for remote access and control.

The Downloader/Shell.Agent.SC203780 is a malicious shell agent that downloads and runs other harmful software. The ElfMiner downloader, Downloader/Shell.ElfMiner.S1705, was likely used to install cryptocurrency mining malware.

Check Also

CVE-2026-20230

Cisco Unified CM flaw CVE-2026-20230 exploited in attacks

A serious SSRF flaw, called CVE-2026-20230, in Cisco Unified Communications Manager Server is now being …