Many years ago, my mentor in Linux invited me to switch to the penguin system and among what he said there was a "in Linux there are no viruses." That was neither nor is it true; What is certain is that, since it is more secure and is used by an immense minority (on the desktop), we are not the main target of cyber criminals. But neither strength nor being a "small" objective guarantees us to be 100% sure, something that has been demonstrated again after the discovery of EvilGnome.
The first thing to keep in mind is that the "Gnome" part that appears in the name with which they have baptized this virus is related to the famous graphic environment for Linux, but that does not mean that it will affect a few operating systems. Best of all, its discoverer, Intezer (here his article on malware) discovered the malicious software while it was still in the early stages of development, although it already included several dangers in the form of tools to spy on users.
EvilGnome, a rare Linux virus
EvilGnome does not look like most viruses that have been discovered for Linux. It has been difficult to discover it, but once in the spotlight it has been known that it was designed to capture all kinds of data from our computer, such as desktop screenshots, stealing files, recording audio or even loading and executing other malicious modules, all without us noticing what is happening.
Its name comes from trying to impersonate an extension of GNOME, the graphical environment. It is presented as a script created with make yourself, a small shell script that generates a compressed and self-extracting TAR archive from the desktop. It is kept in the operating system using crontab and sends data to a remote server owned by the attacker.
Persistence is achieved by registering gnome-shell-ext.sh to run every minute in crontab. Finally, the script runs gnome-shell-ext.sh, which in turn launches the main gnome-shell-ext executable.
A malware with 5 parts
EvilGnome is made up of 5 modules, all of them malicious:
- ShooterSound use PulseAudio to record audio from the microphone.
- Shooter Image use Cairo to take screenshots.
- ShooterFile use a list of filters to scan files.
- ShooterPing receives new commands from remote server.
- Shooter Key it is a keylogger.
The five modules above will send / receive the data to / from the attacker's server.
To check if we are affected, we have to look for the executable file "gnome-shel-ext" in the path ~ / .cache / gnome-software / gnome-shell-extensions. As I mentioned before, that EvilGnome receives its name from GNOME Desktop and pretends to be an extension of the graphical environment does not mean that, for example, Plasma users are safe, especially if we have to test a lot of software. This malware could install itself in the mentioned path.
On the other hand and as always, it is recommended to keep the software updated and download the software only from official sources.
If we start out not knowing the difference between viruses, Trojans and rootkits ... we are off to a bad start. If we get down to the typical cliché of "how few use it there are fewer viruses. Typical stupidity defended by stupid people who repeat the mantra once heard. A lie repeated a hundred times comes to be taken for truth. GNU Linux is not more secure because fewer people use it, GNU Linux is more secure because it has a permission system that makes it more secure than other operating systems. Linux was born to be a multi-user system and has been developed on this premise. Unlike windows, for example, which was created by pressing on to be a single-user system and on this basis and weighed down by backward compatibility it has evolved in the way it has. Design problems that creep over time. In windows many system processes run with normal user permissions, unlike in linux where to run these processes you need root permissions. No system is invulnerable, but some are more secure than others by design. In a world where most internet servers run on Linux, it would be more logical to attack those servers since millions of computers connect to them in one way or another. If you poison the pond where the herd drinks, you will poison the entire herd. If it is difficult to attack those servers for something it will be and it is not because they are less used. Most are GNU Linux.
No. Virus developers focus on the system that is easier to attack, like weekend climbers focus on climbing Everest and not K2. Virus developers have a lot of time to waste as long as they can choose to achieve a goal. Nobody pays them and nobody controls them. They do not have to clock in or out. Attacking the Linux servers of Bank X will earn them more money, if they succeed, than attacking 1000 Windows PCs of their users. So why don't you attack the bank's server and attack the users' PCs? Because it is more difficult to attack the server even if you have its source code in view. Design issue. A Formula 1 car is not safer than a utility vehicle because fewer people use it. It is safer because it has been designed to be more secure. Design issue. Although in the hands of an ignorant it can be as unsafe as a Chinese car. If you want to convert to Windows more secure, you just have to give up backward compatibility and rewrite the system from scratch, establishing strict user account control (as Linux does). As long as you don't, it will continue to be a drain because all you will do is patch and patch to infinity. And continuing with the topics, it is foolish not to use a system that is more secure than another, regardless of what you think is more secure. Because we are talking about security and not about how many use it or stop using it. Because regardless of what it is, is Linux more secure than Windows, currently? If then why don't you use it? Because patatin…. because they potato…. does not matter. They will find a thousand and one excuses not to use it. That if nobody uses it, if they don't like penguins, if they prefer Batman ... In psychology we call this cognitive dissonance.
Baton:
Lots of speculation and looooong blah based only on your personal way of perceiving things. At the kilometer you can see that you have never worked for something serious like a bank or government data centers. If you knew that only less than 30% of the vulnerabilities that are discovered echo and reach pages like this, you would not walk around as a mentor-computer guru-ego + 9000 explaining those stupid things that you say in the most arrogant way that comes out.
pablinux
Hahaha So you know criminals and don't report them to the authorities? Either you are his accomplice or you speak of yourself in the third person…. hahaha be careful with what you say ... if someone really sees you as a father-I confess and tell you his reasons why he should be in jail xD
Viruses for Linux must be installed by the user for the most part. Even with a vulnerability it is difficult for a user-space bad program to escalate privileges autonomously. As they say above for the permit system.
The problems are the users poorly educated technologically by Windows systems (in which it is normal to search for software in Google and pirate proprietary software).
Although stones also fall within the community from the hand of Ubuntu and MS lovers that bring postmodernism to systems with attempts of new software installation systems (nor that it was difficult to choose a program from a repository with software that does not even show the packages like those included in Debian or Fedora with their GUI included). Or even with the stupidity of sudoers ... which are nothing but opportunities open to attacks by social engineering, where malicious software or a vulnerability could trick the user and ask for the session password to escalate privileges.
It is absurd that an MS system is generally compared to the hundreds of GNU / Linux distributions in the same bag. But even more so is the sensationalism of putting a community that can solve critical bugs in hours on the same level as a system (Windows) that can be infected by a rootkit simply because it is connected to the internet.
A vulnerability in gnome is not the same as a vulnerability in Linux, dear turnips.
They are talking about GNU / Linux Caranabo. Linux is a kernel.