Security News > 2022 > May > New Windows Subsystem for Linux malware steals browser auth cookies
Hackers are showing an increased interest in the Windows Subsystem for Linux as an attack surface as they build new malware, the more advanced samples being suitable for espionage and downloading additional malicious modules.
WSL-based malware samples discovered recently rely on open-source code that routes communication through the Telegram messaging service and gives the threat actor remote access to the compromised system.
Black Lotus Labs researchers told BleepingComputer this week that they have tracked more than 100 samples of WSL-based malware since last fall.
Black Lotus Labs researchers told BleepingComputer that the malware came with a live bot token and chat ID, indicating an active command and control mechanism.
A second recently discovered WSL-based malware sample was built to set up a reverse TCP shell on the infected machine to communicate with the attacker.
Malware authors are making progress and have already created variants that work on both Windows and Linux and can upload and download files, or execute attacker commands.
News URL
Related news
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- New stealthy Pumakit Linux rootkit malware spotted in the wild (source)
- Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms (source)
- FBI wipes Chinese PlugX malware from thousands of Windows PCs in America (source)
- Microsoft improves text contrast for all Windows Chromium browsers (source)