EvilGnome Linux Spyware

It's rare to see malware or spyware on Linux, but this article shows that someone has been working on one for the desktop.

https://thehackernews.com/2019/07/linux-gnome-spyware.html

The Spy Agent of EvilGnome contains five malicious modules called "Shooters," as explained below:

  • ShooterSound — this module uses PulseAudio to capture audio from the user's microphone and uploads the data to the operator's command-and-control server.
  • ShooterImage — this module uses the Cairo open source library to capture screenshots and uploads them to the C&C server. It does so by opening a connection to the XOrg Display Server, which is the backend to the Gnome desktop.
  • ShooterFile — this module uses a filter list to scan the file system for newly created files and uploads them to the C&C server.
  • ShooterPing — this module receives new commands from the C&C server, such as downloading and executing new files, setting new filters for file scanning, downloading and setting a new runtime configuration, exfiltrating stored output to the C&C server, and stopping any shooter module from running.
  • ShooterKey — this module is unimplemented and unused, and is most likely an unfinished keylogging module.
 
It's rare to see malware or spyware on Linux, but this article shows that someone has been working on one for the desktop.

https://thehackernews.com/2019/07/linux-gnome-spyware.html

Wow, that's pretty unhappy-making. For the last 10 years or so Linux has been my anti-virus.

Didn't anyone tell them that Linux is just for people who are too poor to use Whimdows? Honest!!

Let's back up a minute! Well, my backup takes 15 minutes; I do one right after upgrading or a new install. I keep 5-7 backups on a separate drive.

Can be very useful when things go south.
 
At least the article says it's unfinished spyware... but yeah, who are they going to infect exactly? 1000 computers in the whole world?

They could be doing a LOT more harm infecting 100K Windows computers instead.
 
It's an interesting exercise, for sure. As it stands, it's pretty useless, but... imagine if they'd got the keystroke logger working. Simply wait for somebody to type "sudo <cmd>" and log the password, and then they have the ability to elevate their service into the system.

I suspect that they targeted Gnome as that's what they were familiar with, but you've got the same risk with all DEs that allow arbitrary extensions. Usual thing - be careful what you run from the internet.

As to purpose? Who knows...
 
That's the ticket! We should get only those hackers too dumb to know where the money is!

M.S. has spent its entire life creating a hacker-friendly environment.
Linux simply can't begin to compete with whimdos!

What has Linux ever done to make the cyber world safer for hackers?
(Ah...that part is rhetorical!)

Whimdose practically created the hacker and now Linux comes whining about a lack of Linux hackers!!

All because Americans can't keep two OSes in their minds at the same time.
It's just not that hard!

Whimdos was created by those seeking a mature point of view,
one that put money first and more money second.

Whimdos is an operating system dedicated to ...What?

OK I see your point. Money and more money does actually cover this.

BUT! Just take a look at Linux!!! They don't even freaking charge! They just give it away. Like Americans are stupid enough to pay for it!!

OK! I covered that with "they can't keep two OSes in mind at the same time."

Just because you love Linux, that doesn't mean you can't be swindled by MS at the same time, now does it?

Let's face it!! Whindos has a proven track record! They can guarantee
a level of noncompliance that Linux can only dream of!!
 
My problem is that I'm downloading all kinds of games from itch.io, GOG and Moddb.com.
For the most part they are safe because legitimate developers have uploaded them.

I suspect it's easier to get malware/spyware by downloading porn or pirated movies/software.... which I don't do.
 
Whimdose practically created the hacker and now Linux comes whining about a lack of Linux hackers!!
Aw now, know your history - hackers, and their nefarious counterparts (i.e. criminals), have existed since the original Unix and VAX VMS days.

That's not to excuse MS - they seem to be more bug-prone than most, but they're also the most lucrative target to attack. We Linux desktop users are a rare enough breed anyway, and the sheer variety of desktop configurations, libraries etc. rather limits the applicability of this sort of malware.

@booman, if I were to attempt this sort of exploit, I might try to do so via a game mod: first, I can be reasonably certain that particular libraries and capabilities exist, because they're what Steam/Wine needs, and second, I can be reasonably sure that there's a Windows compatibility layer for those bits I can't get Linux to do.
 
Really?
I would think exploiting pirated software would get more exposure....
Can malware have both Windows executables and Unix executables in the same application?
 
Really?
I would think exploiting pirated software would get more exposure....
Maybe on Windows, where software is expensive, but since Linux has so many free alternatives, you're limited in the paid-for applications you could pirate. And... if you really need the paid-for version, chances are you'll pay, as paying for software is such a novelty ;)

So, I'd be looking at things that people do download. It's why criminals tried to poison Gentoo's portage tree, and why the various distro repositories are carefully guarded....

Can malware have both Windows executables and Unix executables in the same application?
That's effectively what happens when you run a Windows application in Wine. However, the likelihood of Windows malware being interpreted correctly is... probably not zero, but a small enough chance that it might as well be.
 
Wow, I wasn't even thinking about Wine...
I was thinking about malicious software that runs in Windows, but if it also executes in a Unix environment it will run there as well. I'm sure that would be a lot of work, but game developers do exactly that. The game is bundled with Windows and Linux binaries to run the game in either, and it's just a single download for us.

Thank you for your knowledge!
 