detection icon

Short bio

Linux.Hacktool.Portscan is Malwarebytes generic detection name for Linux based port scanners. 

Type and source of infection

Hacktools are a category of riskware. Riskware, in general, is a detection for items that are not strictly malicious, but pose some sort of risk for the user in another way.

Programs might be termed as “riskware” because they:

  1. Violate the terms of service (ToS) of other software or a user platform.
  2. Block another application or software from being updated and patched.
  3. Might be illegal to use in the users’ country.
  4. Could be used as a backdoor for other malware.
  5. Are indicative of the presence of other malware.

Port scanning is a process to check open ports of a system. Port scanners are often used by gamers and hackers to check for available ports and to fingerprint services. Samples detected as Linux.Hacktool.Portscan are toolse whose primary function is to scan open TCP/UDP ports on targeted networks, thereby facilitating more complex cyber-attacks.


By detecting Linux.Hacktool.Portscan Malwarebytes warns system administrators about the presence of these tools. At which point they can decide whether they are there for a legitimate reason.


How to remove Linux.Hacktool.Portscan with the Malwarebytes Nebula console

You can use the Malwarebytes Anti-Malware Nebula console to scan endpoints.

endpoint menu

Nebula endpoint tasks menu

Choose the Scan + Quarantine option. Afterwards you can check the Detections page to see which threats were found. On the Quarantine page you can see which threats were quarantined and restore them if necessary.