{"id":213576,"date":"2026-02-14T17:20:00","date_gmt":"2026-02-14T22:20:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/14\/the-ancient-irc-protocol-is-back-in-action-thanks-to-sshstalkers-linux-botnet-exploiting-cloud-servers-for-profit\/"},"modified":"2026-02-14T18:15:08","modified_gmt":"2026-02-14T23:15:08","slug":"the-ancient-irc-protocol-is-back-in-action-thanks-to-sshstalkers-linux-botnet-exploiting-cloud-servers-for-profit","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/14\/the-ancient-irc-protocol-is-back-in-action-thanks-to-sshstalkers-linux-botnet-exploiting-cloud-servers-for-profit\/","title":{"rendered":"The ancient IRC protocol is back in action, thanks to SSHStalker\u2019s Linux botnet exploiting cloud servers for profit"},"content":{"rendered":"<p><a href=\"https:\/\/www.techradar.com\/pro\/does-anyone-even-remember-irc-a-new-linux-botnet-uses-some-incredibly-old-school-methods-to-cut-costs\">The ancient IRC protocol is back in action, thanks to SSHStalker\u2019s Linux botnet exploiting cloud servers for profit<\/a><\/p>\n<p><a href=\"https:\/\/www.techradar.com\/pro\/does-anyone-even-remember-irc-a-new-linux-botnet-uses-some-incredibly-old-school-methods-to-cut-costs\">https:\/\/www.techradar.com\/pro\/does-anyone-even-remember-irc-a-new-linux-botnet-uses-some-incredibly-old-school-methods-to-cut-costs<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-14 17:20:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.techradar.com\">www.techradar.com<\/a><\/p>\n<ul id=\"9a541df8-adaa-4508-9353-8cea6d8e6901\">\n<li><strong>SSHStalker uses IRC channels and multiple bots to control infected Linux hosts<\/strong><\/li>\n<li><strong>Automated SSH brute-forcing rapidly spreads the botnet through cloud server infrastructures<\/strong><\/li>\n<li><strong>Compilers are downloaded locally to build payloads for reliable cross-distribution execution<\/strong><\/li>\n<\/ul>\n<p id=\"6e73c24b-1133-4598-9983-ac4130f7d51d\">SSHStalker, a recently discovered Linux botnet, is apparently relying on the classic IRC (Internet Relay Chat) protocol to manage its operations.<\/p>\n<p>Created in 1988, IRCwas once the dominant instant messaging system for technical communities due to its simplicity, low bandwidth needs, and cross-platform compatibility.<\/p>\n<p id=\"6e73c24b-1133-4598-9983-ac4130f7d51d-2\">Unlike modern command-and-control frameworks, SSHStalker uses multiple bots, redundant channels, and servers to maintain control over infected devices while keeping operational costs low.<\/p>\n<p><span class=\"font-article-heading block pb-3 !text-base font-bold uppercase sm:text-sm text-[#333]\"><br \/>\nYou may like<br \/>\n<\/span><\/p>\n<h2 id=\"botnet-structure-and-command-infrastructure-3\">Botnet structure and command infrastructure<\/h2>\n<p id=\"cd2c02fb-d1e2-4575-bef2-e58e65bd58c0\">SSHStalker&#8217;s malware achieves initial access through automated SSH scanning and brute-force attacks, and then uses a Go-based binary disguised as the open-source network tool nmap to infiltrate servers.<\/p>\n<p>Researchers from security firm Flare documented nearly 7,000 bot scan results in a single month, mainly targeting cloud infrastructure, including Oracle Cloud environments.<\/p>\n<p>Once a host is compromised, it becomes part of the botnet\u2019s propagation mechanism, scanning other servers in a worm-like pattern.<\/p>\n<p>After infection, SSHStalker downloads the GCC compiler to build payloads directly on the compromised system, which ensures its C-based IRC bots can run reliably across different Linux distributions.<\/p>\n<p class=\"newsletter-form__strapline\">Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!<\/p>\n<p>These bots contain hard-coded servers and channels that enroll the host into the IRC-controlled botnet.<\/p>\n<p>Additional payloads named GS and bootbou provide orchestration and execution sequencing, effectively creating a scalable network of infected machines under centralized IRC control.<\/p>\n<p>Persistence on each host is maintained through cron jobs&#8230;<\/p>\n<p><a href=\"https:\/\/www.techradar.com\/pro\/does-anyone-even-remember-irc-a-new-linux-botnet-uses-some-incredibly-old-school-methods-to-cut-costs\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The ancient IRC protocol is back in action, thanks to SSHStalker\u2019s Linux botnet exploiting cloud&#8230;<\/p>\n","protected":false},"author":1,"featured_media":213577,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.mos.cms.futurecdn.net\/BUi4eir3JnCCT2MRGt3weS-2560-80.jpg","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[71,32,57],"class_list":["post-213576","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-linux","tag-malware","tag-security"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213576"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=213576"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213576\/revisions"}],"predecessor-version":[{"id":213578,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213576\/revisions\/213578"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/213577"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=213576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=213576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=213576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}