Yes, of course there's now malware for Windows Subsystem for Linux (Security News, September 2021)
Linux binaries have been found trying to take over Windows systems in what appears to be the first publicly identified malware to utilize Microsoft's Windows Subsystem for Linux to install unwelcome payloads.
On Thursday, Black Lotus Labs, the threat research group at networking biz Lumen Technologies, said it had spotted several malicious Python files compiled into ELF (Executable and Linkable Format) binaries for Debian Linux.
"These files acted as loaders running a payload that was either embedded within the sample or retrieved from a remote server and was then injected into a running process using Windows API calls," Black Lotus Labs said in a blog post.
Back when Bashware, an earlier proof-of-concept for abusing WSL, was demonstrated, WSL wasn't enabled by default and Windows 10 didn't ship with any preinstalled Linux distro, so it wasn't considered a particularly realistic threat at the time.
The files function as loaders for a payload that is either embedded (possibly created using open-source tools such as MSFVenom or Meterpreter) or fetched from a remote command-and-control server, and is then inserted into a running process via Windows API calls.
The code invokes various Windows APIs to fetch a remote file and add it to a running process, thereby establishing access to the infected machine.
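As an added triage example (not code from the article or from Black Lotus Labs), the Python below walks a directory such as an exported WSL distribution rootfs and flags ELF executables that carry PyInstaller-style markers. That the loaders were packaged with PyInstaller is this example's assumption; the article only says they were Python compiled into ELF binaries, and the sample bytes are constructed.

```python
import os
import struct
from typing import List, Optional, Tuple

# Byte markers characteristic of the PyInstaller bootloader and archive.
# Treating them as "frozen Python" indicators is this example's assumption.
PYINSTALLER_MARKERS = (b"MEI\x0c\x0b\x0a\x0b\x0e", b"_MEIPASS2", b"pyi-runtime-tmpdir")
ELF_MACHINES = {0x03: "x86", 0x3E: "x86-64", 0x28: "ARM", 0xB7: "AArch64"}
ELF_TYPES = {1: "REL", 2: "EXEC", 3: "DYN"}


def classify_blob(data: bytes) -> Optional[dict]:
    """Return ELF header facts plus a frozen-Python hint, or None for non-ELF data."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    bits = 64 if data[4] == 2 else 32          # EI_CLASS
    endian = "<" if data[5] == 1 else ">"      # EI_DATA
    e_type, e_machine = struct.unpack(endian + "HH", data[16:20])
    return {
        "bits": bits,
        "type": ELF_TYPES.get(e_type, "0x%x" % e_type),
        "machine": ELF_MACHINES.get(e_machine, "0x%x" % e_machine),
        "frozen_python": any(m in data for m in PYINSTALLER_MARKERS),
    }


def scan_rootfs(root: str, max_bytes: int = 32 * 1024 * 1024) -> List[Tuple[str, dict]]:
    """Walk a directory tree and list ELF files that look like frozen Python."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)
            except OSError:
                continue  # unreadable or vanished file; skip rather than abort the scan
            info = classify_blob(data)
            if info and info["frozen_python"]:
                hits.append((path, info))
    return hits


def build_sample() -> bytes:
    """Constructed stand-in for a PyInstaller-style ELF64 x86-64 executable (not a real sample)."""
    header = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # 64-bit, little-endian, ELF v1
    header += struct.pack("<HH", 2, 0x3E)                     # e_type=EXEC, e_machine=x86-64
    return header + b"\x00" * 44 + b"_MEIPASS2\x00pyi-runtime-tmpdir\x00"
```

Running `scan_rootfs` over a directory returns (path, metadata) pairs for every ELF that matches; a hit is a lead for analysis, not proof of maliciousness, since legitimate PyInstaller-built tools match too.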
News URL: https://go.theregister.com/feed/www.theregister.com/2021/09/17/windows_subsystem_for_linux_malware/