Remediation? Servers affected by Windigo included those running Apple OS X, OpenBSD, FreeBSD, Microsoft Windows (through Cygwin) and Linux, including Linux on the ARM architecture.
The answer was for admins to check their servers using the console command, $ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected", ESET said.
Anyone discovering an infection would have to wipe the affected system and re-install the OS. They should also consider using two-factor authentication in future.
"We realise that wiping your server and starting again from scratch is tough medicine, but if hackers have stolen or cracked your administrator credentials and had remote access to your servers, you cannot take any risks," said Lveill.
"Sadly, some of the victims we have been in touch with know that they are infected, but have done nothing to clean up their systems - potentially putting more internet users in the firing line."
Sign up for CIO Asia eNewsletters.