Apr 22, 2026mediumransomware

New GoGra malware for Linux uses Microsoft Graph API for comms

A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery.

what's affectedNew GoGra malware for Linux uses Microsoft Graph API for comms

mitigation statusMonitoring updates

first reportedApr 22, 2026

mentions (24h)384

velocitytrend flat

mentions delta+3% vs yesterday

platform splitX 53% · Reddit 15% · GitHub 32%

keywords

ransomwarevulnerabilitymitigation

x analyticsheat 0

authors 0verified 0%

likes0

retweets0

replies0

quotes0

summaryDiscussion is steady around exposure checks and mitigation updates.

Curated Apr 22, 2026 by the ahackaday team./Sources verified./Brief grounded in 1 source.

Grace Your AI security internreadyGrace is ready

Grounded in this brief only — New GoGra malware for Linux uses Microsoft Graph API for comms. Press ⌘K any time.

You're answering aschange anytime

Pick a playor type your own ↓

Tone

Pick a play above, or type your question

Generate an answer and Grace will return a grounded response for this incident.

scanning advisory feeds…