A new malware campaign, Perfctl, is targeting vulnerable Linux servers for cryptocurrency mining and proxyjacking. The malware exploits the Polkit vulnerability (CVE-2021-4043) to escalate privileges, and it relies on stealth tactics such as stopping its activity when a user logs in and deleting its binary after execution. It disguises itself with names similar to legitimate system processes, evades detection with a rootkit, and drops a mining payload. To mitigate risks, it’s crucial to patch systems, restrict file execution, and enforce network segmentation and Role-Based Access Control (RBAC). Detection often involves monitoring for spikes in CPU usage.
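
A host-side check for two behaviours described above (a binary deleted after execution, and CPU spikes), as an added example that is not from the original report: it lists processes whose `/proc/<pid>/exe` link ends in ` (deleted)` and ranks them by CPU ticks read from `/proc/<pid>/stat`. The function names, the threshold and the sample process tree are assumptions constructed for illustration.

```python
import os
import tempfile

def parse_cpu_ticks(stat_text):
    """Return utime + stime (clock ticks) from the text of /proc/<pid>/stat."""
    # comm (field 2) may contain spaces or ')', so split after the last ')'.
    rest = stat_text.rsplit(")", 1)[1].split()
    return int(rest[11]) + int(rest[12])  # fields 14 (utime) and 15 (stime)

def find_deleted_exe_procs(proc_root="/proc", min_ticks=0):
    """Processes still running from an unlinked binary, busiest first."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            exe = os.readlink(os.path.join(base, "exe"))
            with open(os.path.join(base, "stat")) as fh:
                ticks = parse_cpu_ticks(fh.read())
        except (OSError, IndexError, ValueError):
            continue  # kernel thread, exited process, or no permission
        if exe.endswith(" (deleted)") and ticks >= min_ticks:
            findings.append({"pid": int(entry), "exe": exe, "cpu_ticks": ticks})
    return sorted(findings, key=lambda f: f["cpu_ticks"], reverse=True)

def build_sample_proc(root):
    """Constructed sample data: a fake /proc tree with three processes."""
    stat = "{pid} ({comm}) S 1 {pid} {pid} 0 -1 4194304 10 0 0 0 {ut} {st} 0 0 20 0 1 0 100 0 0"
    samples = [  # (pid, comm, exe link target, utime, stime), all constructed
        (101, "sshd", "/usr/sbin/sshd", 40, 12),
        (202, "sh (x)", "/tmp/sample-miner (deleted)", 90000, 3000),
        (303, "cron", "/usr/sbin/cron (deleted)", 5, 2),
    ]
    for pid, comm, exe, ut, st in samples:
        d = os.path.join(root, str(pid))
        os.makedirs(d)
        os.symlink(exe, os.path.join(d, "exe"))  # link text only, like /proc
        with open(os.path.join(d, "stat"), "w") as fh:
            fh.write(stat.format(pid=pid, comm=comm, ut=ut, st=st))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_proc(tmp)
        for f in find_deleted_exe_procs(tmp, min_ticks=1000):
            print(f)
```

On a live host, call `find_deleted_exe_procs()` as root. A service whose package was upgraded in place also shows a deleted executable, and a rootkit can hide entries from on-host tools, so treat hits as leads and an empty result as inconclusive.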