Abarbarian
EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users
EvilGnome: New Linux Spyware
Dubbed EvilGnome, the malware has been designed to take desktop screenshots, steal files, capture audio recording from the user's microphone as well as download and execute further second-stage malicious modules.
EvilGnome: Rare Malware Spying on Linux Desktop Users
"Linux desktop remains an unpopular choice among mainstream desktop users, making up a little more than 2% of the desktop operating system market share. This is in contrast to the web server market share, which consists of 70% of Linux-based operating systems. Consequently, the Linux malware ecosystem is plagued by financial driven crypto-miners and DDoS botnet tools which mostly target vulnerable servers.
This explains our surprise when in the beginning of July, we discovered a new, fully undetected Linux backdoor implant, containing rarely seen functionalities with regards to Linux malware, targeting desktop users."
Prevention and Response
We recommend to Linux users who want to check whether they are infected to check the “~/.cache/gnome-software/gnome-shell-extensions” directory for the “gnome-shell-ext” executable.
Luckily my Arch + Window Maker setup does not have the aforementioned directory installed so this will not affect me. MINT and UBUNTU users here may have that directory installed so it is worthwhile doing a quick check.
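
The check recommended in the quoted article, extended to every home directory listed in a passwd file, as an added example that is not part of the original post or the quoted article. Only the directory and file name come from the quote; the function names and the passwd-based enumeration are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: looks for the one indicator quoted above in each home directory.
# IOC_DIR and IOC_FILE are taken from the quoted recommendation; the function
# names and the use of a passwd file to list homes are assumptions.

IOC_DIR=".cache/gnome-software/gnome-shell-extensions"
IOC_FILE="gnome-shell-ext"

# check_home HOME_DIR
# Prints "FOUND <path>" and returns 0 if the indicator file exists, else returns 1.
check_home() {
    target="$1/$IOC_DIR/$IOC_FILE"
    # -e is false for a dangling symlink, so test -L as well.
    if [ -e "$target" ] || [ -L "$target" ]; then
        printf 'FOUND %s\n' "$target"
        return 0
    fi
    return 1
}

# scan_homes [PASSWD_FILE]
# Checks the home directory (field 6) of every entry; returns 0 if any hit.
scan_homes() {
    passwd_file="${1:-/etc/passwd}"
    hits=0
    while IFS=: read -r _name _pw _uid _gid _gecos home _shell; do
        [ -d "$home" ] || continue
        if check_home "$home"; then
            hits=$((hits + 1))
        fi
    done < "$passwd_file"
    [ "$hits" -gt 0 ]
}

# Run directly with "--scan" (as root, so every user's ~/.cache is readable).
if [ "${1:-}" = "--scan" ]; then
    scan_homes || echo "indicator not found"
fi
```

A hit only shows that the file named in the quote is present; a miss does not rule out other variants.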