Security News > 2021 > September > New Malware Targets Windows Subsystem for Linux to Evade Detection

A number of malicious samples have been created for the Windows Subsystem for Linux with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines.

"These files acted as loaders running a payload that was either embedded within the sample or retrieved from a remote server and was then injected into a running process using Windows API calls," researchers from Lumen Black Lotus Labs said in a report published on Thursday.

Windows Subsystem for Linux, launched in August 2016, is a compatibility layer that's designed to run Linux binary executables natively on the Windows platform without the overhead of a traditional virtual machine or dual-boot setup.

The earliest artifacts date back to May 3, 2021, with a series of Linux binaries uploaded every two to three weeks till August 22, 2021.

This secondary "Shellcode" payload is then injected into a running Windows process using Windows API calls for what Lumen described as "ELF to Windows binary file execution," but not before the sample attempts to terminate suspected antivirus products and analysis tools running on the machine.

What's more, the use of standard Python libraries makes some of the variants interoperable on both Windows and Linux.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/alb0Tv1cUr8/new-malware-targets-windows-subsystem.html