Q1 2026 Malware Statistics Report for Linux SSH Servers

ASEC analyzed Q1 2026 honeypot logs for SSH attacks against Linux servers and found P2PInfect dominating attack sources (70.3%) alongside DDoS/mining bots (Mirai, XMRig, Prometei, CoinMiner); a confirmed case involved an attacker installing V2Ray on a compromised server to operate it as a proxy, and the report provides defensive recommendations and one MD5 indicator.