The Linux subsystem on Windows 10 allows malware to hide without being detected
Last year, Microsoft surprised everyone by announcing Windows Subsystem for Linux (WSL) on Windows 10, which brings the Linux command-line shell to Windows so users can run native Linux applications directly on Windows without using virtualization tools.
However, Check Point Software Technologies researchers have discovered security issues with WSL that may allow malware designed for Linux to target Windows computers without being detected by security software.
The researchers have created a new attack technique called Bashware that takes advantage of the WSL feature on Windows, which is currently in beta and is due to be available in the Windows 10 Fall Creators Update in October this year.
Bashware cannot be detected by security software
According to researchers at Check Point, Linux malware can abuse the Bashware technique because Windows security tools are unable to detect this threat.
This new type of attack allows an attacker to hide Linux malware from all security tools, including the latest antivirus, malware detection and anti-ransomware products.
The reason given is that current security software for Windows is not designed to monitor Linux processes running on the Windows OS. 'Existing security tools have yet to adapt to the Linux execution process running on Windows, a hybrid concept that allows Linux and Windows to run concurrently.' 'This could open the door for an attacker to run malicious code and use the functionality provided by WSL to hide themselves from security tools.'
Who is to blame? Microsoft or the security vendors?
To run Linux applications in an isolated environment, Microsoft introduced Pico processes, containers that allow ELF binaries to run on Windows. In their tests, the researchers tried the Bashware attack against 'most existing antivirus and security products' and successfully bypassed them.
That is because no security software monitors Pico processes, even though Microsoft has provided the Pico API, a special application programming interface that security companies can use to monitor such processes.
'Bashware does not use any logic or executable errors in WSL. In fact, WSL seems to be very well designed.' 'What allows Bashware to work is that companies that provide security software are not aware, because this technology is quite new.'
Bashware attacks require admin rights: does that make them harder on a PC?
Bashware requires administrative rights on the target machine, but it is not difficult to obtain administrative rights on a Windows PC through phishing attacks or stolen login credentials.
However, these types of attacks are easily detected by security software, so they can be blocked before Bashware gets to run.
Since WSL is not turned on by default, and users must turn on developer mode on their device to use it, the risk is also reduced somewhat.
Current security software cannot detect Bashware
However, researchers at Check Point also said that it is a little-known fact that developer mode can be turned on by editing some Registry keys, which can be done silently in the background once the attacker has the necessary rights.
The Bashware technique automates the necessary steps by silently downloading the WSL components, enabling developer mode, and even downloading and extracting the Linux file system from Windows servers, and then running malware.
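A defender can check a host for the preconditions this section describes. The PowerShell below is an added audit example, not code from Check Point or from the original article; the feature name, the registry value and the lxss folder are Windows identifiers the article does not name, supplied here as assumptions about a standard Windows 10 install.

```powershell
# Added audit example, not from the article. Read-only; run elevated.
$report = [ordered]@{}

# 1. WSL optional feature state (Enabled / Disabled / NotPresent).
$feature = Get-WindowsOptionalFeature -Online `
    -FeatureName 'Microsoft-Windows-Subsystem-Linux' -ErrorAction SilentlyContinue
$report['WslFeatureState'] = if ($feature) { [string]$feature.State } else { 'NotPresent' }

# 2. Developer mode, set locally or through Group Policy.
#    Assumption: these are the standard Windows locations for the setting;
#    the article only says "some Registry Keys".
$devModeKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx'
)
$report['DeveloperModeOn'] = $false
foreach ($key in $devModeKeys) {
    $item = Get-ItemProperty -Path $key -Name 'AllowDevelopmentWithoutDevLicense' `
        -ErrorAction SilentlyContinue
    if ($item -and $item.AllowDevelopmentWithoutDevLicense -eq 1) {
        $report['DeveloperModeOn'] = $true
    }
}

# 3. User profiles that already hold an extracted Linux file system.
#    Assumption: the beta-era per-user location %LOCALAPPDATA%\lxss.
$profiles = Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory `
    -ErrorAction SilentlyContinue
$report['ProfilesWithLxss'] = @($profiles | Where-Object {
    Test-Path -LiteralPath (Join-Path $_.FullName 'AppData\Local\lxss')
} | ForEach-Object { $_.Name })

# All three together on a machine that is not a developer workstation
# is the state the technique sets up, so flag it for review.
$report['ReviewHost'] = ($report['WslFeatureState'] -eq 'Enabled') -and
    $report['DeveloperModeOn'] -and ($report['ProfilesWithLxss'].Count -gt 0)

[pscustomobject]$report
```

Collecting this output across a fleet gives a baseline, so a host that switches to ReviewHost = True outside the known developer population stands out.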
No need to write separate malware
The interesting thing about Bashware is that hackers do not need to write their own Linux malware to run through WSL on a Windows machine. That is because Bashware installs software called Wine inside the downloaded Ubuntu environment, then runs Windows malware through it. The malicious code then launches in Windows as a Pico process, so security software cannot detect it.
400 million computers potentially exposed to the Bashware threat
The new attack technique does not exploit any WSL vulnerability; it works because security products do not pay attention to WSL. Because the Linux shell is available on Windows, up to 400 million PCs running Windows may be affected. Check Point said that its software has been upgraded to combat this type of attack and recommends that other security software be updated quickly.