
This is exactly it. I used Linux on PowerPC for the same reason: Literally nobody was targeting it, especially compared to Windows on x86. Even now, why would anyone waste their time targeting desktop Linux on x86? Basically unheard of, because it's pointless (except in targeted attacks).


Thing is, targeting Linux on x86 will target high value users. Either servers, developers, sysadmins and the like. Yes, you will hit fewer people, but the value of each hit is a magnitude higher. It’s the same reason apps first target iOS rather than Android: Apple users have an easier wallet.


I covered that in my post. Those users are targeted specifically. There have been news stories about it recently. People don't develop general malware for x86 Linux that also happens to catch those users though. That was the point. If someone with resources is targeting you, you don't stand a chance regardless of what you do.


> Linux on x86 will target high value users.

I'm not sure I agree with all you said.

Servers: mostly are not on x86. Also, they are a lot more difficult to exploit due to the security nature of Linux (yes, they go down very often and nothing is unhackable).

Developers, sysadmins: tend to have the hardest configs, thus making it a lot more difficult to hack.

So, afaik, most of the hacks in these areas are more due to human flaws than the systems per se.

Now, I do agree that for a group of hackers with profound knowledge and that is trying to hit really big, servers are more attractive. Devs and sysadms alone/personally not that much! ... unless ... they are targeting the servers managed by those devs and sysadms, and in this case, targeting the devs and sysadms personally makes more sense - which tends to be one of the best/easiest ways to hack the servers (again, exploiting human flaw instead of system flaw).

Naturally, this is my personal view! I may be wrong here!


What architecture do you think servers use? Some graphs I found with a quick Google ( https://www.itcandor.com/server-q219/ ) suggest >85% market share of x86. What else would they use? ARM is still not very widely used in servers, I think.


> Servers: mostly are not on x86.

Let's agree that we disagree. I'll just say that I work for a cloud provider and non-x86 servers are anecdotal :) but their media presence is not, as it's the new hot thing and that's free advertising.

> Developers, sysadmins: tend to have the hardest configs, thus making it a lot more difficult to hack.

Yet those people have a cognitive bias of "I'm too smart to fall". And those people will have some practices that are so detrimental to security it's laughable. How many developers will shut down their laptop every day after work? Compare this to the common practice of "just go to sleep", which will prevent browser updates, system updates, kernel updates, you name it. Take a Firefox that is months old with an unpatched Ubuntu and you get the ideal ground for a browser escape combined with an LPE. And even without LPE you'll grab many, many credentials.

IMHO those still are harder to trick, but not because the config is hardened, but because there is a config at all. For example, a phishing that imitates a floating browser window with a fake login page would not work on me. Not because I'm smart, not because my config is hardened or whatnot, but because good luck to the scam for finding the specific window decorations I have on my Linux system. Oh, and the fact that I use a tiling WM and thus floating windows don't exist. It's a side effect of nerds being nerds.

> So, afaik, most of the hacks in these areas are more due to human flaws than the systems per se.

This is not incompatible. "Normies" will get tricked into downloading invoice.pdf.exe, but that's Windows only. The payout for invoice.pdf.sh or whatever may be very high, but you need your RAT or stealer or whatever to know Linux.

> unless ... they are targeting the servers managed by those devs and sysadms

That was the precise reason I talked about devs and sysadmins. Infrastructure credentials, AWS keys, you name it.

And as a dev/sysadmin, you don't need targeted attacks to get pwned. A malicious package on npm/gems/cargo is all it takes. It's a spray and pray strategy, but if you catch even a handful of people this way it might be the jackpot.


Most servers use Linux so that’s probably a more valuable target than Windows.


What hardware are you on?



