Security News > 2021 > September > Yes, of course there's now malware for Windows Subsystem for Linux
Linux binaries have been found trying to take over Windows systems in what appears to be the first publicly identified malware to utilize Microsoft's Windows Subsystem for Linux to install unwelcome payloads.
On Thursday, Black Lotus Labs, the threat research group at networking biz Lumen Technologies, said it had spotted several malicious Python files compiled in the Linux binary format ELF for Debian Linux.
"These files acted as loaders running a payload that was either embedded within the sample or retrieved from a remote server and was then injected into a running process using Windows API calls," Black Lotus Labs said in a blog post.
Because WSL wasn't enabled by default and Windows 10 didn't ship with any preinstalled Linux distro, Bashware wasn't considered a particularly realistic threat at the time.
The files function as loaders for a payload that's either embedded - possibly created using open-source tools like MSFVenom or Meterpreter - or fetched from a remote command-and-control server and is then inserted into a running process via Windows API calls.
The code invokes various Windows APIs to fetch a remote file and add it to a running process, thereby establishing access to the infected machine.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/09/17/windows_subsystem_for_linux_malware/
Related news
- Researchers discover first UEFI bootkit malware for Linux (source)
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems (source)
- Windows, macOS users targeted with crypto-and-info-stealing malware (source)
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- New stealthy Pumakit Linux rootkit malware spotted in the wild (source)
- Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms (source)
- FBI wipes Chinese PlugX malware from thousands of Windows PCs in America (source)