Sorry if this makes you both break out in hives but the single largest security threat to linux is linux itself.
To clarify that, the largest real threat to the linux kernel, that threat is the fact that basically all of userspace is the old west, and the entirety of the thing is such a PITA to configure that no matter what you look up via google et-al you're going to find that people are consistently being told by "experts" to "just enter these commands" which sometimes start with "sudo".
Just in case you haven't got my drift yet, the big advantage that i see in the more forward-looking distros like mageia (redhat-derived) or ubuntu-mate (debian-derived) is that people actually seem to be addressing those configurability issues, the ones that lead linux people who have been trained to believe that linux is "safe" because the kernel is like cast-iron, to just "issue these commands" which they probably have no idea about, with regard to what they do, where they came from, or if they are safe or trojan horses.
Get a trojan horse into linux, and you have the same problem any other OS has. And you have the same solution. What's the solution to an alien infection? Wipe the host's hard-drive and reinstall. For windows folks "reinstall" is probably still the shudder-inducing word it was when i used windows.
Nice thing about linux is "reinstall" means "format the partition and copy your backup to it". With the right setup, we're talking the time it takes to reboot onto a portable drive, format a partition (gedit) and copy files (rsync) with a little editing to /etc/fstab.
That's another reason i like linux, backing up a windows system so you can restore what you had, exactly as it was the last time you backed it up, was a mortal PITA with reboots to ghostscript or whatever the thing was called, etc. I run my linux system backups, meaning backups of the system partition as it is running, via rsync, which is a mortal PITA to use just like most linux commands, but at least i can do backups with the system running, and i was never crazy enough to even attept that under windows.
Anyway a linux system is as susceptible to a trojan as any other OS, but if you can keep those off you're pretty much good to go.
Being the recovered paranoiad-guy that i am, i like my backups. I live in a forest, that's why i pay for homeowner's insurance, forests burn down hereabouts. It's like the AAA card i bought maybe 5 years ago, it's a superstition thing, isn't it?
Anyway, i avoid system updates whenever i can. The kernel is solid, and i'm careful who i invite onboard, and besides that the only thing worth stealing is my code, which will almost certainly be free anyway once it's written, which of course it isn't being right now, it's waiting for me to get done here.