A new strain of malware that targets vulnerable Linux-based systems is loose in the wild, with an interesting habit of avoiding government and military networks.
Dubbed GoScanSSH (a mash-up of its hallmarks: its Golang-based coding, its ability to scan for new hosts from infected machines, and use of the SSH port), the malware is being used in a widespread campaign that includes more than 70 unique malware samples and multiple versions, indicating that this threat is continuing to be actively developed and improved upon by the attackers. The earliest instance of a variant dates back to last summer, so the campaign has been ongoing for at least nine months.