WSL malware appears with the ability to steal browser authentication cookies
Attackers are taking a particular interest in the Windows Subsystem for Linux (WSL), treating it as a new attack surface when developing malware. Malware that attacks via WSL carries an advanced configuration, with the ability to spy on the victim or to download and install additional malicious modules.
As the name suggests, WSL lets Linux binaries run on Windows: WSL 1 translates Linux system calls onto the Windows kernel, while WSL 2 runs a real Linux kernel inside a lightweight virtual machine.
Based on newly obtained samples, the researchers found that malware targeting WSL is built on open-source code that routes its communication through the Telegram messaging service and gives remote attackers access to the compromised system.
The first WSL malware was discovered about a year ago, and the number of samples has grown steadily since. Although they are based on publicly available source code, detection rates for WSL malware remain very low.
Among the samples analyzed, the most notable could act as a remote access tool (RAT) or set up a reverse shell on an infected host.
One of the more recent samples, called RAT-via-Telegram, is based on an open-source Python tool. It adds functions to steal authentication cookies from the Google Chrome and Opera browsers, run commands, and download files.
Black Lotus Labs researchers noted that this malware ships with a Telegram bot token and a live chat ID, which shows that it relies on Telegram as a dynamic command-and-control (C2) mechanism.
This variant can also take screenshots and collect user and system information (username, IP address, etc.), which helps the attackers decide what malicious code to deploy in the next step. Only 2 of the 57 engines on VirusTotal flagged this sample as malicious.
A second recently discovered WSL malware installs a reverse TCP shell on the infected computer to communicate with the attackers. Looking at the code, the researchers found that it used an Amazon Web Services IP address that had previously been used by several entities.
Both of these malware samples can be used for espionage, and both can download files that extend their functionality.
Over the years, malware authors have improved their skills and can now build malware that works on both Windows and Linux. Such malware can upload or download files and execute attacker commands.
According to the researchers, malware will only grow more sophisticated. To protect themselves or their business, users should closely monitor system activity (for example with Sysmon) to identify suspicious behavior and investigate the commands being run.
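To make the Sysmon advice concrete, the following is an added example (not code from the article or from Black Lotus Labs) that runs three hunting rules over constructed Sysmon events matching the behaviours described above: a Windows shell spawned from WSL (the RAT running commands), a connection to the Telegram Bot API (bot-token C2), and a copy of a browser cookie database written by a non-browser process. It assumes Sysmon is logging ProcessCreate (ID 1), NetworkConnect (ID 3) and FileCreate (ID 11); that Windows binaries launched from inside a distro show wsl.exe or wslhost.exe as their parent; and that a stealer which cannot open the locked cookie database copies it under the same file name. The event records, paths and the rule names are all constructed for the example.

```python
"""Hunt the WSL RAT behaviours in Sysmon telemetry (added example, constructed data).

Caveat: WSL 2 network traffic leaves through a NAT'd virtual switch, so the
Telegram rule below only fires when the connection is visible to Sysmon on the
Windows side; for WSL 2 the same hostname match belongs in DNS or proxy logs.
"""
import xml.etree.ElementTree as ET

# Image suffixes are matched case-insensitively against the Sysmon "Image" field.
WSL_HOSTS = ("\\wsl.exe", "\\wslhost.exe", "\\bash.exe")   # assumed parent images
WINDOWS_SHELLS = ("\\cmd.exe", "\\powershell.exe", "\\pwsh.exe")
BROWSERS = ("\\chrome.exe", "\\opera.exe")                  # allowed to touch Cookies
TELEGRAM_BOT_API = "api.telegram.org"

# Constructed Sysmon events (not real telemetry). Event IDs are Sysmon's:
# 1 = ProcessCreate, 3 = NetworkConnect, 11 = FileCreate. Namespace omitted.
SAMPLE_EVENTS = r"""
<Events>
<Event><System><EventID>1</EventID></System><EventData>
  <Data Name="Image">C:\Windows\System32\wsl.exe</Data>
  <Data Name="ParentImage">C:\Windows\explorer.exe</Data>
  <Data Name="CommandLine">wsl.exe -d Ubuntu</Data></EventData></Event>
<Event><System><EventID>1</EventID></System><EventData>
  <Data Name="Image">C:\Windows\System32\cmd.exe</Data>
  <Data Name="ParentImage">C:\Windows\System32\wsl.exe</Data>
  <Data Name="CommandLine">cmd.exe /c whoami</Data></EventData></Event>
<Event><System><EventID>3</EventID></System><EventData>
  <Data Name="Image">C:\Windows\System32\wsl.exe</Data>
  <Data Name="DestinationHostname">api.telegram.org</Data>
  <Data Name="DestinationPort">443</Data></EventData></Event>
<Event><System><EventID>11</EventID></System><EventData>
  <Data Name="Image">C:\Windows\System32\wsl.exe</Data>
  <Data Name="TargetFilename">C:\Users\dev\AppData\Local\Temp\Cookies</Data></EventData></Event>
<Event><System><EventID>11</EventID></System><EventData>
  <Data Name="Image">C:\Program Files\Google\Chrome\Application\chrome.exe</Data>
  <Data Name="TargetFilename">C:\Users\dev\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies</Data></EventData></Event>
</Events>
"""


def parse_events(xml_text: str) -> list[dict]:
    """Flatten each <Event> into {'EventID': int, <Data Name>: text}.
    The {*} wildcard accepts records with or without the Windows event namespace."""
    root = ET.fromstring(xml_text)
    events = []
    for ev in root.iterfind(".//{*}Event"):
        rec = {"EventID": int(ev.find(".//{*}EventID").text)}
        for data in ev.iterfind(".//{*}Data"):
            rec[data.get("Name")] = data.text or ""
        events.append(rec)
    return events


def _ends_with_any(path: str, suffixes) -> bool:
    return path.lower().endswith(tuple(s.lower() for s in suffixes))


def detect(events: list[dict]) -> list[tuple[str, str]]:
    """Return (rule_name, detail) for every event matching one of the three rules."""
    hits = []
    for e in events:
        eid, image = e["EventID"], e.get("Image", "")
        if eid == 1 and _ends_with_any(e.get("ParentImage", ""), WSL_HOSTS) \
                and _ends_with_any(image, WINDOWS_SHELLS):
            # The RAT's "run commands" feature: a Windows shell started from the distro.
            hits.append(("wsl_spawned_windows_shell", e.get("CommandLine", "")))
        elif eid == 3 and e.get("DestinationHostname", "").lower() == TELEGRAM_BOT_API:
            # Bot-token C2 talks to the Bot API; allow-list legitimate bot hosts per site.
            hits.append(("telegram_bot_api_c2", f"{image} -> {TELEGRAM_BOT_API}"))
        elif eid == 11 and _ends_with_any(e.get("TargetFilename", ""), ("\\Cookies",)) \
                and not _ends_with_any(image, BROWSERS):
            # Sysmon does not log reads, so the copy a stealer writes is what we catch.
            hits.append(("browser_cookie_db_copied", e.get("TargetFilename", "")))
    return hits


if __name__ == "__main__":
    for rule, detail in detect(parse_events(SAMPLE_EVENTS)):
        print(f"{rule}: {detail}")
```

The first and last sample events are deliberately benign (a developer starting a distro, Chrome writing its own cookie database) so the rules can be checked for false positives as well as hits; on a real host the allow-lists would be tuned to the software actually in use.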