Ashley xD

Malware for the Linux desktop. Yes, really.


Posted (edited) · Original PosterOP

Article I used: https://nakedsecurity.sophos.com/2019/07/25/evilgnome-linux-malware-aimed-at-your-laptop-not-your-servers/

 

Quote

EvilGnome, rare and unusual though it may be, gets its media-friendly name because it was clearly written to target the comparatively small but committed community who use Linux on their laptops.

 

Quote

The takeSound() function can capture audio and upload it; takeScreenshot() speaks for itself, and scanFolder() looks for files to steal.

 

Intezer says that the ShooterKey:: components aren’t finished (and therefore aren’t used), but it’s easy to guess what these functions might do in a future version – log keystrokes and thereby sniff out passwords.

 

Lastly, ShooterPing:: not only communicates back to the crooks but can also download new malware and run it.

 

Quote

What to do?

As mentioned at the start, we haven’t seen this in the wild, so it’s unlikely you’ll encounter it.

But here are some tips anyway:

  1. Check for a process called gnome-shell-ext. If found, use kill -9 to terminate it. If it comes back after a minute then this malware is probably already active on your system. Do steps 2 and 3, then repeat this step to kill it completely.
  2. Check your crontab for an entry like 0-59 * * * * /.cache/gnome-software/gnome-shell-extensions/gnome-shell-ext.sh. That's a sign that the auto-reloading script has been installed. Remove it from crontab.
  3. Check for the abovementioned gnome-shell-ext* files. If you remove them then the malware can't reload even if you haven't cleaned the crontab.

 

The Linux Gamer also made a video on the virus:

 

 

 

My thoughts: it was only going to be a matter of time until viruses targeted at regular Linux users popped up. The increased popularity of Linux makes it interesting to hackers. As always, it's best practice to have antivirus installed on every system you have, even if it runs Linux.

Edited by Twilight

Phone: iPhone 6s | 64GB | iOS

Laptop: Apple MacBook Pro | Core i5 3210M | 16GB RAM | 500GB SSD | macOS

PC: Intel S5520HC | 2x Xeon E5620 | RX 460 | 8GB RAM | 500GB SSD | Bitfenix Whisper 850W | Ubuntu 20.10

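The three checks in the Sophos advice quoted above (the gnome-shell-ext process, the crontab entry, the dropped gnome-shell-ext* files), written up as an added POSIX shell triage script. This is not code from the article or from anyone in this thread. It only reports what it finds; the kill, crontab edit and file removal stay manual. The indicator names are taken from the quoted text; the EG_DIR location under $HOME, the sample PIDs, the sample paths and the backup cron job are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the Sophos article or the thread): read-only triage
# for the three EvilGnome indicators quoted above. Reports only; cleanup is manual.
#
# Indicator strings come from the quoted advice. EG_DIR assumes the dropped files
# live under the current user's home (the quoted crontab path "/.cache/..." reads
# like it lost a leading "~"); adjust it if your copy of the write-up differs.
EG_PROC='gnome-shell-ext'
EG_CRON_PATTERN='gnome-shell-extensions/gnome-shell-ext.sh'
EG_DIR="${HOME}/.cache/gnome-software/gnome-shell-extensions"

# eg_proc_hits PS_TEXT
#   PS_TEXT is "pid args" lines as produced by `ps -eo pid=,args=`.
#   Prints the PIDs whose command basename is exactly gnome-shell-ext.
#   Matching the basename of the full command, not `ps -o comm` or `pgrep`,
#   is deliberate: the kernel keeps only 15 characters of a process name,
#   "gnome-shell-ext" is exactly 15 characters, so GNOME's legitimate
#   gnome-shell-extension-prefs shows up as "gnome-shell-ext" in comm.
eg_proc_hits() {
  printf '%s\n' "$1" | awk -v name="$EG_PROC" '
    NF >= 2 { n = split($2, parts, "/"); if (parts[n] == name) print $1 }'
}

# eg_cron_hits CRONTAB_TEXT
#   Prints crontab lines that invoke the auto-reload script. Matching the path
#   suffix works whether the entry was written with ~, $HOME or an absolute prefix.
eg_cron_hits() {
  printf '%s\n' "$1" | awk -v pat="$EG_CRON_PATTERN" 'index($0, pat) { print }'
}

# eg_file_hits DIR
#   Lists gnome-shell-ext* files directly under DIR; prints nothing if DIR is absent.
eg_file_hits() {
  for f in "$1"/"$EG_PROC"*; do
    [ -e "$f" ] && printf '%s\n' "$f"
  done
  return 0
}

# Constructed sample data so the functions can be exercised offline. PIDs, the
# /home/user path and the backup job are invented; only the EvilGnome names are real.
EG_SAMPLE_PS='    1 /sbin/init splash
 2044 /usr/bin/gnome-shell
 2101 /usr/bin/gnome-shell-extension-prefs
 2333 /home/user/.cache/gnome-software/gnome-shell-extensions/gnome-shell-ext'
EG_SAMPLE_CRON='0 5 * * * /usr/bin/backup.sh
0-59 * * * * /.cache/gnome-software/gnome-shell-extensions/gnome-shell-ext.sh'

# Touch the live system only when asked; otherwise run over the sample data.
if [ "${1:-}" = "--live" ]; then
  echo "== PIDs of processes named gnome-shell-ext =="; eg_proc_hits "$(ps -eo pid=,args=)"
  echo "== crontab entries =="; eg_cron_hits "$(crontab -l 2>/dev/null)"
  echo "== dropped files =="; eg_file_hits "$EG_DIR"
else
  echo "== sample: PIDs =="; eg_proc_hits "$EG_SAMPLE_PS"
  echo "== sample: crontab =="; eg_cron_hits "$EG_SAMPLE_CRON"
fi
```

Save it as, say, evilgnome-triage.sh and run `sh evilgnome-triage.sh --live` to check the local machine; with no argument it runs over the embedded sample and reports PID 2333 and the one cron line. The basename match is the part worth copying: `pgrep gnome-shell-ext` matches against the truncated 15-character comm, so on a desktop of that era it would also report the extension preferences tool, and a `kill -9` fed from it would kill a legitimate process.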

It's worth noting that the average user who installs packages from the repositories does not need to worry about this.


...is there a question here? 🤔

sudo chmod -R 000 /*

What is scaling and how does it work? Asus PB287Q unboxing! Console alternatives :D Watch Netflix with Kodi on Arch Linux Sharing folders over the internet using SSH Beginner's Guide To LTT (by iamdarkyoshi)

Sauron'stm Product Scores:

Spoiler

Just a list of my personal scores for some products, in no particular order, with brief comments. I just got the idea to do them so they aren't many for now :)

Don't take these as complete reviews or final truths - they are just my personal impressions on products I may or may not have used, summed up in a couple of sentences and a rough score. All scores take into account the unit's price and time of release, heavily so, therefore don't expect absolute performance to be reflected here.

 

-Lenovo Thinkpad X220 - [8/10]

Spoiler

A durable and reliable machine that is relatively lightweight, has all the hardware it needs to never feel sluggish and has a great IPS matte screen. Downsides are mostly due to its age, most notably the screen resolution of 1366x768 and usb 2.0 ports.

 

-Apple Macbook (2015) - [Garbage -/10]

Spoiler

From my perspective, this product has no redeeming factors given its price and the competition. It is underpowered, overpriced, impractical due to its single port and is made redundant even by Apple's own iPad pro line.

 

-OnePlus X - [7/10]

Spoiler

A good phone for the price. It does everything I (and most people) need without being sluggish and has no particularly bad flaws. The lack of recent software updates and relatively barebones feature kit (most notably the lack of 5GHz wifi, biometric sensors and backlight for the capacitive buttons) prevent it from being exceptional.

 

-Microsoft Surface Book 2 - [Garbage - -/10]

Spoiler

Overpriced and rushed, offers nothing notable compared to the competition, doesn't come with an adequate charger despite the premium price. Worse than the Macbook for not even offering the small plus sides of having macOS. Buy a Razer Blade if you want high performance in a (relatively) light package.

 

-Intel Core i7 2600/k - [9/10]

Spoiler

Quite possibly Intel's best product launch ever. It had all the bleeding edge features of the time, it came with a very significant performance improvement over its predecessor and it had a soldered heatspreader, allowing for efficient cooling and great overclocking. Even the "locked" version could be overclocked through the multiplier within (quite reasonable) limits.

 

-Apple iPad Pro - [5/10]

Spoiler

A pretty good product, sunk by its price (plus the extra cost of the physical keyboard and the pencil). Buy it if you don't mind the Apple tax and are looking for a very light office machine with an excellent digitizer. Particularly good for rich students. Bad for cheap tinkerers like myself.

 

 

Posted (edited) · Original PosterOP
On 7/26/2019 at 1:13 PM, Sauron said:

It's worth noting that the average user who installs packages from the repositories does not need to worry about this.

That's not entirely true.

Edited by Twilight

7 minutes ago, Twilight said:

EvilGnome, rare and unusual though it may be, gets its media-friendly name because it was clearly written to target the comparatively small but committed community who use Linux on their laptops.

I literally just got Manjaro Gnome installed on my ZenBook no more than 5 days ago. My timing is so unreal.

 

8 minutes ago, Twilight said:

My thoughts: it was only going to be a matter of time until viruses targeted at regular Linux users popped up. The increased popularity of Linux makes it interesting to hackers. As always, it's best practice to have antivirus installed on every system you have, even if it runs Linux.

Is it bad to admit that I don't have an anti-virus as I trust myself enough to use Manjaro - for a lack of a better word - naked? Additionally, I only ever browse YouTube and stuff so I wouldn't come across any dark alley websites, and anything I do install, it's through software manager.


mechanical keyboard switches aficionado & hi-fi audio enthusiast

switch reviews  how i lube mx-style keyboard switches

Posted · Original PosterOP
4 minutes ago, seoz said:

Is it bad to admit that I don't have an anti-virus as I trust myself enough to use Manjaro - for a lack of a better word - naked? Additionally, I only ever browse YouTube and stuff so I wouldn't come across any dark alley websites, and anything I do install, it's through software manager.

You did use the AUR; there are always risks there. You can install a free and open-source antivirus if you want. Just install clamtk using pacman. It doesn't scan in real time, so you need to run scans manually. Regardless, it's better than nothing. Be sure to check the settings too, because by default it's set up really stupidly and won't scan directories recursively and won't scan large files etc. Make sure to enable all of that.


6 minutes ago, Twilight said:

You did use the AUR there are always risks there.

It is extremely hard to get malware through the AUR though - the most popular packages are maintained by the same people who maintain the main repos and recently adopted packages are always watched carefully. Even in the rare times it happens it's caught in a matter of a few hours. You can generally trust it.



And even if you grab a flatpak direct from the main devs' sites, you're still quite unlikely to get hit... So you'd literally have to have worse browsing habits than the average grandma...

3 minutes ago, Tenelia said:

And even if you grab flatpak direct from the main devs' sites, you're still quite unlikely to get hit... So you'd literally have to have worse browsing habits than the average grandma...

I'm betting this is who it's targeting, grandparents with a windows-skinned KDE or something that don't know better but are protected from most things since it's Linux.

5 hours ago, seoz said:

I literally just got Manjaro Gnome installed on my ZenBook no more than 5 days ago. My timing is so unreal.

 

Is it bad to admit that I don't have an anti-virus as I trust myself enough to use Manjaro - for a lack of a better word - naked? Additionally, I only ever browse YouTube and stuff so I wouldn't come across any dark alley websites, and anything I do install, it's through software manager.

I've used Linux for years with no antivirus and haven't had any issue, but as previously mentioned, just stick to official repos and you'll be good.

13 hours ago, HarryNyquist said:

I'm betting this is who it's targeting, grandparents with a windows-skinned KDE or something that don't know better but are protected from most things since it's Linux.

Exactly... Being in the server space, there's actually tons of malware that can run on Linux (centos or ubuntu or otherwise), but you'd have to intentionally download them *and* run them because the operating permissions are extremely granular on what hardware and software interactions are allowed.

2 hours ago, floofer said:

It's a good thing I run MacOS so I don't need to worry about these virus doo-dads

Meanwhile the Linux community are still in denial that anything bad can happen.  


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Sometimes I miss contractions like n't on the end of words like wouldn't, couldn't and shouldn't.    Please don't be a dick,  make allowances when reading my posts.

17 hours ago, IAmAndre said:

I've used Linux for years with no antivirus and haven't had any issue, but as previously mentioned, just stick to official repos and you'll be good.

I love this argument: "I've used X for years without antivirus and never had any virus"

 

Well, no shit, you wouldn't know about it because there's nothing to tell you lmao


MSI GX660 + i7 920XM @ 2.8GHz + GTX 970M + Samsung SSD 830 256GB

Posted · Original PosterOP
12 hours ago, mr moose said:

Meanwhile the Linux community are still in denial that anything bad can happen.  

I've never been in denial. Don't generalize. It's very well known that viruses exist on Linux, and I always installed antivirus on my Linux desktops.


1 minute ago, Twilight said:

I've never been in denial. Don't generalize. It's very well known that viruses exist on Linux, and I always installed antivirus on my Linux desktops.

Have you read many of the comments people make regarding Linux and security? It's not a generalization, it's an observation of many people's commentary on the subject.

 

 

 

 


Posted · Original PosterOP
Just now, mr moose said:

Have you read many of the comments people make regarding Linux and security? It's not a generalization, it's an observation of many people's commentary on the subject.

I have. I also watch a few YouTubers that do videos on Linux and they always recommend installing AV. Please don't generalize all Linux users.


1 minute ago, Twilight said:

I have. I also watch a few YouTubers that do videos on Linux and they always recommend installing AV. Please don't generalize all Linux users.

I'll tell people what I see when I see it. I'm sorry if that upsets you, but even in this thread there are people claiming you'll be fine if you only use certain repositories etc. It is a very common theme within the Linux community, alongside many other claims.


Posted · Original PosterOP
1 minute ago, mr moose said:

I'll tell people what I see when I see it. I'm sorry if that upsets you, but even in this thread there are people claiming you'll be fine if you only use certain repositories etc. It is a very common theme within the Linux community, alongside many other claims.

Sure, there are misconceptions in the Linux community. So? What community doesn't have some false information in it? There are also people saying that all you need on Windows is Windows Defender, which has often been debunked.


12 minutes ago, Twilight said:

Sure, there are misconceptions in the Linux community. So? What community doesn't have some false information in it? There are also people saying that all you need on Windows is Windows Defender, which has often been debunked.

Well, in that case, let's not talk about anything.

 

I really don't know why you don't want anyone to talk about the misconceptions.



It is strange to me that they went through the trouble of reinventing the wheel for a malicious implant with commodity post-exploitation functions. All of these features exist in multiple free command-and-control frameworks already. I mean, I haven't gone through the code myself, but the post-exploitation features are probably better implemented in Empire or Meterpreter, in that they evade detection better.

 

People seem to think that really the only way they would get malware on a Linux box would be through something malicious involving their package manager; this is far from the case. A legitimate website that has been compromised through JavaScript, XSS, or iFrames could easily download something like this without your knowledge. If you have any public-facing services, or unintentionally public-facing services, is your home firewall configured correctly? Are you immune to spearphishing links and attachments? I can tell you an attacker learning something as seemingly innocuous as a software version number can lead to full system compromise.

 

ClamAV is a joke; it is better than nothing, but not by much. You would almost be better off dragging and dropping files into VirusTotal. The endpoint protection space on the Linux/Unix side of things is atrocious and way further behind than where it stands with Windows, which also isn't in a good place. A few vendors in the Windows space are at best doing a questionable job with fileless malware, PowerShell, csc.exe, MSBuild.exe, VBScript. These attacks occasionally get picked up now (an improvement from 2 or 3 years ago). This is not the case with Linux/Unix, generally speaking. I think they are adding some of the same type of security features that PowerShell has implemented into Python 3, but I think that has a long way to go still. The fact of the matter is most Windows/Linux/Unix machines and their users wouldn't know if they had a malicious PowerShell or Python one-liner run on them. When was the last time you went through your PowerShell logs in Event Viewer? Who has sophisticated logging set up for Python, and actually checks it?


It's usually a great idea not to update anything when it's first released to the public unless it's an important security update.

 

A good sysadmin will test updates on a separate system, as updates are known to break things because they can't be tested on every hardware/software configuration.

 

20 hours ago, floofer said:

It's a good thing I run MacOS so I don't need to worry about these virus doo-dads

Mac is not completely safe from malware either...


Magical Pineapples

