Put linux on the net with a weak ssh enabled root password and watch it get infected within minutes - I did that with a memory only installation, and multiple different people attacked it.
I assume they fought with each other for control of the machine, but I rebooted it instead.
Try it - it's interesting, use a USB stick to boot it, and make sure to physically disconnect all hard drives.
I think they mostly just want to send spam emails.
Worked at a smaller mom and pop business. We only had two sys admins. One day, I went over to ask about some web hosting. The one admin was sitting there, eating lunch and giggling, while lines and lines of code kept scrolling by on of his monitors.
ME: "What's so funny?"
Dan: "You see that? Take a closer look."
ME: "What am I even looking at?"
Dan: "Simple script I built to track bots trying to break into our Linux box (server). What you're watching is a metric fuck ton of Chinese and other bots trying to brute force the login."
He explained that any new server being connected to the internet, regardless of OS will be instantly attacked like you said. The server in question was only online for about 30 minutes and we were watching an endless stream of automated attacks from different bots. The failed login attempts were blocked after two attempts and the IP addresses logged for further review; but the bots would just respawn at different IP ranges and try again, it was pretty crazy.
It was a big eye opener for me. I had no idea it was that bad. Man, was I naïve!
It was also 'yet' for the first 20 years i used MacOS.
Get a large enough user base, and malware will follow, and that may be the reason Linux is still relatively free from malware. Despite advancements, normal people still don't run Linux. It's either IT people or people who had their IT friend/child/whatever install it for them.
With browser extensions being used as delivery platforms, it may not be long until it hits Linux as well. The same delivery method (using a user lauchd job) would work for a user systemd job.
Wine got good enough to run at least some malware. You might need some weird config flags though. Don't really know if this is a pro linux or contra linux comment.
I assume they fought with each other for control of the machine, but I rebooted it instead.
Try it - it's interesting, use a USB stick to boot it, and make sure to physically disconnect all hard drives.
I think they mostly just want to send spam emails.