TL;DR, this is using password guessing. Solution: use better passwords or turn off passwords altogether and use ssh authorized_keys.
On Thu, Jan 11, 2024 at 12:13 PM MC_Sequoia <mcsequ...@protonmail.com> wrote: > "For the past year, previously unknown self-replicating malware has been > compromising Linux devices around the world and installing cryptomining > malware that takes unusual steps to conceal its inner workings, researchers > said. > > The worm is a customized version of Mirai, the botnet malware that infects > Linux-based servers, routers, web cameras, and other so-called Internet of > Things devices. Mirai came to light in 2016 when it was used to deliver > [record-setting distributed denial-of-service attacks]( > https://arstechnica.com/information-technology/2016/09/why-the-silencing-of-krebsonsecurity-opens-a-troubling-chapter-for-the-net/) > that [paralyzed]( > https://arstechnica.com/information-technology/2016/10/inside-the-machine-uprising-how-cameras-dvrs-took-down-parts-of-the-internet/) > key parts of the Internet that year. The creators soon released the > underlying source code, a move that allowed a wide array of crime groups > from around the world to incorporate Mirai into their own attack campaigns. > Once taking hold of a Linux device, Mirai uses it as a platform to infect > other vulnerable devices, a design that makes it a worm, meaning it > self-replicates." > > Article link - > https://arstechnica.com/security/2024/01/a-previously-unknown-worm-has-been-stealthily-targeting-linux-devices-for-a-year/ > > Sent with [Proton Mail](https://proton.me/) secure email.