Technology

Hackers target the Windows subsystem for Linux

Hackers are showing increasing interest in the Windows Subsystem for Linux (WSL) as a target. Security researchers discovered new malware to match – some used to track down users and steal data, others to load additional malware.

According to a new report from Bleeping Computer Online Magazine diamond. The Windows subsystem for Linux is now becoming a “popular” target for hackers, especially since WSL natively runs Linux binaries on Windows in an environment that emulates the Linux kernel. Recently discovered WSL-based malware samples are based on open source code that directs communication through the Telegram messaging service and gives the threat actor remote access to the compromised system. Once accessed, further malware can be loaded onto the PC.

The number of such attacks has been steadily increasing since September 2021. However, a problem with this is that they are often not recognized at all – the security researchers at Black Lotus Labs fear that there is quite a gray area here. Black Lotus Labs explained that they have detected more than 100 examples of WSL-based malware since last fall.

Some are more advanced than others and therefore more dangerous. Of the samples analyzed so far, two are particularly noteworthy in that they can act as a RAT (Remote Access Tool) tool or set up a reverse shell on the infected host.

Using Spy tools for login theft

Additional capabilities of the variant include taking screenshots and collecting user and system information (username, IP address, OS version), which the attacker can use to determine which malware or utilities to use in the following phase of the compromise.

The resulting multi-stage attacks often go unnoticed until it’s too late. According to Black Lotus Labs, the malicious code samples used were classified as malicious only by two of the 57 antivirus programs on Virus Total.

Black Lotus Labs has warned in the past that threat actors are investigating WSL for their purposes. How far this has progressed is evidenced by the low detection rates of AV providers. The general recommendation for defense against WSL-based threats is to closely monitor system activity, using tools such as SysMon to quickly identify suspicious activity.

Recent Posts

Samsung Galaxy Tab S12 Ultra Leak shows design of the high-end tablet

New render images provide a preview of the upcoming Samsung Galaxy Tab S12 Ultra. While…

3 hours ago

TSMC wants to remain No. 1 in chips: A14, A13, A12 nodes from 2028

Taiwan Semiconductor Manufacturing Company (TSMC) has once again provided an outlook on its plans for…

4 hours ago

Apple iPad Mini 8 with OLED screen probably coming in autumn

The iPad Mini could soon see notable innovations for the first time in years. According…

4 hours ago

Pixel 11 Pro Fold Leak: Expected function appears to be missing

A current leak shows Google's upcoming folding smartphone in a new color variant. In addition…

4 hours ago

Tesla to introduce a bike, but not in the way you might think

The car manufacturer Tesla has brought a new two-wheeler onto the market. However, this is…

4 hours ago

Crash in the smartphone market: lowest sales figures in 13 years

The global smartphone market is experiencing a severe downturn, recording its worst quarter in 13…

20 hours ago