ESET Uncovers Long-Standing Linux/Mumblehard Malware Targeting Web Servers

ESET Uncovers Long-Standing Linux/Mumblehard Malware Targeting Web Servers

First seen 16 Jul 2026, 08:06 UTC Esetwww.welivesecurity.com 79% similarity 54.9

Article Content

Browse articles
ThreatCluster

ESET researchers have identified a sophisticated family of Linux malware named Linux/Mumblehard, which has been active for over five years. This malware primarily targets Linux and BSD web servers, utilizing a backdoor and a spamming daemon written in Perl. The backdoor exploits vulnerabilities in popular content management systems like Joomla and WordPress, allowing it to receive commands from its Command and Control (C&C) server. The malware is distributed through pirated copies of a program called DirectMailer, sold by Yellsoft. During monitoring, over 8,500 unique IP addresses were observed exhibiting Mumblehard behavior, with more than 3,000 machines affected in early April 2026. The malware's main purpose is to send spam messages while hiding behind the legitimate IP addresses of infected machines. Victims are advised to check for unsolicited cronjob entries that may indicate infection. A detailed white paper on Mumblehard is available for download.

Key Points: • Linux/Mumblehard malware targets Linux and BSD web servers for spamming. • Over 8,500 unique IP addresses have been linked to Mumblehard infections. • The malware exploits vulnerabilities in Joomla and WordPress and is distributed via pirated software.

ThreatCluster AI

Timeline

2026-04-01
Initial spike in Mumblehard infections observed
More than 3,000 machines were affected by Mumblehard during the first week of April 2026.
www.welivesecurity.com
2026-07-15
ESET publishes research paper on Mumblehard
ESET released an in-depth technical paper detailing the Mumblehard malware and its components.
Eset
2026-07-16
ESET reveals Mumblehard's long-term activity
ESET researchers disclosed that Mumblehard has been active for over five years, targeting web servers.
www.welivesecurity.com

Community

Browse all →