Or historical exploits/trojans/etc. that deserve more attention? I’ve mostly heard about lucrative vulnerabilities that concern Linux servers, but what about the end-users on desktops? Or is the Linux desktop market small enough that we mostly just see one-off instances of users blindly running malicious scripts?
Not in the way you’re probably thinking, which I assume is like in a Windows-y kind of way.
Finding an exploitable escalation of privileges in Linux is rare, but unpatched machines get hacked all the time, but the world of worms, and such is kind of gone.
The way most end-user machines get compromised these days is by supply chain attacks, undiscovered zero-day exploits, user error, and social engineering. Groups that discover zero-days usually keep it close the vest, and they don’t get found for long periods of time after they’ve been out in the wild.
The way most corporate machines get attacked is social engineering, supply chain, and zero-days. Mostly crypto mining schemes and enterprise-level ransoms for data.
All the Windows botnets you hear about out there are largely unpatched machines exposed to the internet in various stupid ways that groups prey on to take control of.
Edit: Forgot about leaked secrets. Lots of companies get hit from plaintext secrets that get out in the wild via various stupid means.
Malware targeting individuals rather than servers do not need privilege escalation. They just need to run as the user and swipe cookies/credentials/wallets etc. Privilege escalation would allow them to do catastrophic damage but that’s not the point in that case.