Eset
ESET Uncovers Long-Standing Linux/Mumblehard Malware Targeting Web Servers
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
ESET researchers have identified a sophisticated family of Linux malware named Linux/Mumblehard, which has been active for over five years. This malware primarily targets Linux and BSD web servers, utilizing a backdoor and a spamming daemon written in Perl. The backdoor exploits vulnerabilities in popular content management systems like Joomla and WordPress, allowing it to receive commands from its Command and Control (C&C) server. The malware is distributed through pirated copies of a program called DirectMailer, sold by Yellsoft. During monitoring, over 8,500 unique IP addresses were observed exhibiting Mumblehard behavior, with more than 3,000 machines affected in early April 2026. The malware's main purpose is to send spam messages while hiding behind the legitimate IP addresses of infected machines. Victims are advised to check for unsolicited cronjob entries that may indicate infection. A detailed white paper on Mumblehard is available for download.
Key Points: • Linux/Mumblehard malware targets Linux and BSD web servers for spamming. • Over 8,500 unique IP addresses have been linked to Mumblehard infections. • The malware exploits vulnerabilities in Joomla and WordPress and is distributed via pirated software.