Linux

Not in the way you're probably thinking, which I assume is like in a Windows-y kind of way.

Finding an exploitable escalation of privileges in Linux is rare, but unpatched machines get hacked all the time, but the world of worms, and such is kind of gone.

The way most end-user machines get compromised these days is by supply chain attacks, undiscovered zero-day exploits, user error, and social engineering. Groups that discover zero-days usually keep it close the vest, and they don't get found for long periods of time after they've been out in the wild.

The way most corporate machines get attacked is social engineering, supply chain, and zero-days. Mostly crypto mining schemes and enterprise-level ransoms for data.

All the Windows botnets you hear about out there are largely unpatched machines exposed to the internet in various stupid ways that groups prey on to take control of.

Edit: Forgot about leaked secrets. Lots of companies get hit from plaintext secrets that get out in the wild via various stupid means.

TLDR: While Linux is less susceptible to malware in some ways, it mostly boils down to Linux having a more technically minded userbase whereas Windows is a "mainstream" operating system.

Most Windows malware nowadays come from social engineering scams (complete this "captcha" by pressing Windows+R and pasting in this powershell script we conveniently put in your clipboard) or untrusted third party installers because Windows doesn't natively have a package manager. Like others have said, the old school self-propagating worms and drive by downloads that activate just by clicking on a link aren't really possible anymore (outside of state actors with unlimited budgets to buy zero days) unless your system or browser is horrifically outdated.

In terms of social engineering, Linux is not necessarily better at preventing it than Windows. In fact, sudo in Linux will unquestioningly delete the kernel and system software or make unlimited changes to them. Windows, for better or for worse (tbh more worse than better), uses TrustedInstaller to limit access to system files. Windows 11 won't easily let you delete or modify System32 for example, even if you're an admin. So it's in theory easier to do more damage to your system on Linux if you don't know what you're doing. But if someone is using Linux full time, they're most likely technical enough to not be fooled into running random untrusted bash commands.

The biggest thing is to be careful with those Linux terminal tutorial sites that have a "add to clipboard" button, they can put literally anything into your clipboard, including an enter key to run the script as soon as you put it in your terminal (though this may or may not be possible depending on your terminal app). Actually, they don't even need you to use their copy button. They can just set an event listener for control-C anywhere on their site and automatically replace the clipboard content. Just double check everything you copy before running it, especially since there's a lot of times where Linux users have to rely on obsecue tutorials hosted on untrusted websites.

You also don't really need to run untrusted installers on Linux because almost everything you need is in a properly moderated software repository, be it your native package manager, Flatpak, or Snap. Everything is signed by the authors and has a ton of eyes from the open source community on it. The only things to look out for is compiling something from GitHub, random AppImages, Elf binaries, scripts, and last but not least third party repositories that can be added as an installation source to your package manager/Flatpak/Snap. Basically, Linux gets most of its "doesn't get malware" reputation from the same place Mac does: you rarely have to manually download and run an executable from a random website, which is the norm on Windows. Add to the fact that even when that's needed, the Linux userbase is more technical and is more able to discern which sources are reputable and which are suspicious.

Another major source of malware is pirated versions of Windows or untrusted "license activators" from the internet. This just isn't a problem on Linux because there's no license to activate and it's free to begin with so there's nothing to pirate. And again, if someone is running Linux, they're probably technical enough to know not to run random pirated versions of paid software to begin with, helped by the fact that the vast majority of paid software is Windows only.

I think, on a personal Linux desktop, more damage is done by malicious browser extensions than by actual viruses or root kits. So you could classify it as social engineering, maybe.

Traditional worm-type malware doesn't really exist on windows anymore either.

I haven’t heard of any such cases, but it is a smaller pool of users. Also, many desktop Linux users know more about using a computer than other operating system users, since it’s less common for Linux to come preinstalled. So that may affect it, too.

I imagine vulnerabilities with the Linux kernel or common utilities do apply to desktop users as well, which is a good reminder why staying up-to-date is important. But to my understanding, exploiting remotely would need a way of sending data to the target. And most desktop computers won’t have ports open to the internet for anyone like servers will.

I know that Wayland’s design does make it more difficult for a user-mode program to act maliciously, like as key-loggers or reading the clipboard.

For desktop use, the biggest thing as of late has been compromised flatpak's or appimages. Like others have said Linux users are usually more technical but more importantly we install almost all of our software from trusted repositories instead of exe's from random websites. Flatpak and appimage brings the bad security hygiene of Windows to Linux. Honorable mention goes to typosquatting programming libraries, but that mostly affects developers and not normal desktop users.

There were a few in the last couple of years, but not a widespread virus like Windows. There was a hiding in plain sight virus. Basically just files named similarly and a mechanism to hide itself when you ran 'top' type commands,

I heard there was some zero day via some rootkit that hijacked the bootloader for newer linux desktop kernels. Some korean cybersec students or smth I don't remember. But it was very recent like last year iirc?