Kaspersky releases Antivirus for Linux
Kaspersky has just announced that its antivirus, which forms part of its "home security" plan, is now available on Linux. The cybersecurity solution now offers maximum protection for users across all their devices running Windows, Linux, macOS, Android and iOS.
If you thought Linux was immune to cyberthreats, it’s time to rethink that view. The number of malicious programs targeting this OS has increased 20-fold over the past five years! These threats include miners, ransomware, and even malware embedded into the source code of popular applications. For instance, last year’s attack involving a backdoor in the XZ archiving utility, which is built into many popular Linux distributions, could have become the most widespread attack on the Linux ecosystem in its entire history.
You can buy Kaspersky for Linux to protect your devices.
If you're still not convinced, or if you think that you don't need an antivirus on Linux, I'll illustrate the many ways in which you could get infected with malware.
Just today, I received two Debian security advisories:
Package : firefox-esr
CVE ID : CVE-2025-13012 CVE-2025-13013 CVE-2025-13014
CVE-2025-13015 CVE-2025-13016 CVE-2025-13017
CVE-2025-13018 CVE-2025-13019 CVE-2025-13020
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary code
or bypass of the same-origin policy.
Package : chromium
CVE ID : CVE-2025-13042
A security issue was discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
Web browsers frequently have such vulnerabilities, which allow arbitrary code execution. Now, luckily, it's quite rare to encounter websites designed to exploit such vulnerabilities, because it's simply much easier to do a phishing campaign.
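As an added example (not from the original post and not Debian's own tooling), the Python code below parses advisory text in the layout quoted above, including the CVE list that wraps over several lines, and reports which advisories concern packages that are actually installed. The function names and the `INSTALLED` set are assumptions made for illustration.

```python
import re

# Sample input: the two advisory excerpts quoted in the post, same layout.
ADVISORIES = """\
Package : firefox-esr
CVE ID : CVE-2025-13012 CVE-2025-13013 CVE-2025-13014
CVE-2025-13015 CVE-2025-13016 CVE-2025-13017
CVE-2025-13018 CVE-2025-13019 CVE-2025-13020
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary code
or bypass of the same-origin policy.
Package : chromium
CVE ID : CVE-2025-13042
A security issue was discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
"""

# Constructed sample. On a real Debian system, build this set from
#   dpkg-query -W -f='${Package}\n'
INSTALLED = {"firefox-esr", "bash", "coreutils"}

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
CVE_ONLY = re.compile(r"^\s*(?:CVE-\d{4}-\d{4,}\s*)+$")  # wrapped CVE line

def parse_advisories(text):
    """Return {package: {"cves": [...], "summary": "..."}}."""
    out, cur, in_cves = {}, None, False
    for line in text.splitlines():
        pkg = re.match(r"Package\s*:\s*(\S+)", line)
        if pkg:
            cur = out.setdefault(pkg.group(1), {"cves": [], "summary": ""})
            in_cves = False
        elif cur is None:
            continue  # text before the first Package header
        elif re.match(r"CVE ID\s*:", line) or (in_cves and CVE_ONLY.match(line)):
            cur["cves"] += CVE_RE.findall(line)
            in_cves = True
        else:
            in_cves = False
            cur["summary"] = (cur["summary"] + " " + line.strip()).strip()
    return out

def triage(text, installed):
    """List (package, cve_count, mentions_code_execution) for installed packages."""
    return [(p, len(a["cves"]), "arbitrary code" in a["summary"])
            for p, a in sorted(parse_advisories(text).items()) if p in installed]

if __name__ == "__main__":
    for pkg, n, rce in triage(ADVISORIES, INSTALLED):
        print(f"{pkg}: {n} CVEs, code execution mentioned: {rce}")
```

With the sample set, only the firefox-esr advisory is reported, since chromium is not in `INSTALLED`.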
The most common infections would be packages which contain malware. There are many packages for Linux which you don't install through the package repositories; instead, you download the files yourself. E.g., you can install Steam by downloading a .deb file. Some VPN services have clients which you have to download manually. And the Nextcloud client (Nextcloud being a self-hosted Google Drive alternative) can be installed by downloading an AppImage.
What these have in common is that it's trivial to create a fake website to distribute the malware. We've seen examples of this in Google Ads for DaVinci Resolve (and other apps) which led to a fake website identical to the original, but which contained a virus. Recently, the rise of new methods of installing packages on Linux, using systems like Snap, Flatpak, AppImage, Docker, etc., has created more possibilities to insert malware into the repositories. In fact, in the AUR repository of Arch Linux, there was an attempt to create fake versions of web browsers which contained malware.
And if you install a malware-ridden version, the virus can do everything it wants on the system. It can encrypt all the files. It can send the cookies and passwords to the hackers. It can search for crypto, etc.
And if you run the program, no type of "hardening" will protect the system. Even if you spend weeks upon weeks deactivating Bluetooth kernel modules, it won't stop any ransomware from encrypting all the files on the disk. Even a simple "rm -rf" is more than enough.
I sometimes see 'geniuses' in some forums saying "I don't need an antivirus on Linux, because I use Lynx as my web browser, I only use the official repositories, and compile every package manually!" Well, let's say that they want to do a bit of gaming on Linux, and install a game either through Steam, or they find a free download. Well, if the game contains malware (quite common on Windows), this malware could run on the Linux system even though it's made for Windows, thanks to the compatibility layers like Proton/Wine.
And let's say that they run every app inside a sandbox like Bubblewrap / Firejail, and manually give permissions. Is there a way to escape the sandbox?
Of course. A potential way is to attack the kernel, which also contains vulnerabilities. Right now, if you look at the Debian kernel security tracker, you can see that the kernel used in trixie (stable) has various vulnerabilities that have yet to be patched.
Given all these attack vectors, it's important to install an antivirus, like the one from Kaspersky, to protect the machine.