Search

GREAT RIDES & STAYS!
Fab Ads
Previous Thread
Next Thread
Print Thread
Rate Thread
Using the GNOME desktop? Heads Up!.. #145722 07/22/19 07:14 PM
Joined: Aug 2008
Posts: 5,064
Az4x4 Offline OP
Platinum Member
*****
OP Offline
Platinum Member
*****
Joined: Aug 2008
Posts: 5,064

Linux spyware targeting the Gnome desktop has been found.

Very few strains of Linux malware exist in the wild compared to the tens of thousands of Windows viruses that are out there.

Linux's core architecture is difficult to compromise, making it tough for ‘bad guys’ to justify Linux as a target. Overall Linux has been virtually free from serious threats, and those that have shown up don't cause great problems before being stamped out.

A few vulnerabilities in various flavors of Linux have surfaced recently, yet cyber-criminals have largely failed to leverage these to attack Linux, and they've been mitigated at the source almost as fast as they've been discovered.

Much of the malware targeting the Linux ecosystem has focused on cryptocurrency mining attacks by those seeking financial gain, along with creating botnets by hijacking carelessly administered vulnerable servers.

However researchers have recently discovered a new Linux backdoor implant that appears to be in its development and testing stage, malware that includes several modules intended to spy on Linux desktop users, specifically those who use the Gnome desktop.

‘EvilGnome’ is designed to take desktop screenshots, steal data from files, capture audio recordings from the user's microphone, and download and execute yet to be implemented second-stage malware modules. The sample of ‘EvilGnome’ that was discovered and analyzed contains a still unfinished keylogger, meaning it was most likely uploaded by its developer by mistake.

‘EvilGnome’ masquerades as a legitimate extension to the Gnome desktop, disguising itself as a program that supposedly lets Gnome users add functionality to their desktops. Delivered as a self-extracting shell script, achieving persistence on a targeted Linux OS by using crontab (similar to the Windows task scheduler), 'EvilGnome' sends stolen user data to a remote controlled server.

To check if your Gnome desktop is infected with ‘EvilGnome’, look for the "gnome-shell-ext" executable in the "~/.cache/gnome-software/gnome-shell-extensions" directory.

What has been found in the wild so far is believed to be a prematurely released test version of 'EvilGnome'. Newer versions will likely be discovered, but if you're using the Gnome desktop you have an easy way out - simply switch to a non-affected desktop environment like Mate’, Cinnamon, Xfce or whatever.

Open your software manager, search for ‘desktop’, select whatever you like (other than Gnome) and install it. Once done simply reboot, select your new desktop environment at the log in screen, and you’re good to go..


..I'd rather have questions I can't answer, than answers I can't question.. Dr. Phil
Re: Using the GNOME desktop? Heads Up!.. [Re: Az4x4] #145725 07/23/19 02:58 PM
Joined: Jan 2004
Posts: 6,615
Muniac Offline
Platinum Member
*****
Offline
Platinum Member
*****
Joined: Jan 2004
Posts: 6,615
I have MATE and never install any questionable upgrades or fancy perks. The internet has opened the door for an international population of cyber criminals. Very smart too but sadly those skills are misguided. No one on a PC and/or using the internet is completely safe. Relatively speaking, Linux seems to be a much smaller target. Thanks for the heads up.


Evolve & Simplify
Be There or Be Nowhere! A Few Adventures & Video
Re: Using the GNOME desktop? Heads Up!.. [Re: Muniac] #145726 07/23/19 07:53 PM
Joined: Aug 2008
Posts: 5,064
Az4x4 Offline OP
Platinum Member
*****
OP Offline
Platinum Member
*****
Joined: Aug 2008
Posts: 5,064

Originally Posted By: Muniac
..I have MATE and never install any questionable upgrades or fancy perks..... Thanks for the heads up..

The Mate' desktop, together with the Xfce and Cinnamon desktop offerings Linux Mint provides, shows how Mint's developers have steered clear of GNOME 3.x, unlike others such as Ubuntu which now uses GNOME as its default desktop environment after dumping its home grown Unity DE.

The fact that 'bad guys' are starting to target GNOME, seeking to take advantage of various vulnerabilities, has to be worrisome to GNOME users, people who comprise quite a large percentage of desktop Linux users these days.

However, unlike Windows in which you're 'stuck' with what comes out of the box when you buy it, Linux offers its users a variety of desktop user interfaces to select from. So, GNOME users can easily switch from that DE to any of a dozen or more alternatives which are not similarly vulnerable.


..I'd rather have questions I can't answer, than answers I can't question.. Dr. Phil

Web & Site Search
Google
 
Custom TO Customer
Specialty Resource and DONATE
Fab Ads
Boardcaster Updates

Board Upgrade: Board upgrade to V7.7.3 has been completed on Monday Feb 3rd 2020. Ride safely. Enjoy the new software!

Who's Online Now
0 registered members (), 22 guests, and 3 spiders.
Key: Admin, Global Mod, Mod
ShoutChat Box
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Top Posters(All Time)
Reggie 11,645
Muniac 6,615
alexd 5,915
Az4x4 5,064
Moto Psycho 4,684
peejman 4,153
kris 2,366
JerryH 2,152
Paul49 2,112
Doc250 1,643
Forum Statistics
Forums38
Topics16,829
Posts151,287
Members6,003
Most Online279
Dec 6th, 2019
Newest Members
RickRandom, Krista, JimmyJam, gotwake5, Finchy
6003 Registered Users
March
S M T W T F S
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31
Powered by UBB.threads™ PHP Forum Software 7.7.3