Hackers could turn Windows Subsystem for Linux into a secret weapon

The number of malware strains targeting WSL is growing

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Windows Subsystem forLinux(WSL) is becoming a breeding ground formalware, cybersecurity researchers are saying.

While WSL-based malware is not particularly new (spotted as early as September 2021), it’s been rising in popularity among cybercriminals of late. Speaking toBleepingComputer, cybersecurity researchers from Lumen Technologies said they’ve managed to track more than 100 samples since then.

The samples vary in complexity, as well as features on offer. While some are relatively simple, others enable threat actors to remotely access devices, run arbitrary code, steal authentication cookies from specificbrowsers, or download files.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.

Low detection rates

Some variants are designed as stage-one malware, allowing threat actors to take screenshots and obtain system information, which help them determine the next steps in compromise, the researchers further stated. Others are built as pure espionage tools.

The worst part is that these malware variants are relatively difficult to spot, even though they’re usually based on code that’s available to the general public. In fact, Lumen Technologies’ Black Lotus Labs recently discovered that out of 57antivirus solutionsput to the test, only two flagged these variants as malicious.

Windows 11 users can now install WSL from the Microsoft Store>Windows 11 takes a big step forward with full release of Windows Subsystem for Linux app>Windows 11 WSL 2 is almost as quick as running Linux natively

All of these things - more features, persistence, low detection rates - make WSL-based malware a real threat, the researchers concluded, especially with active C2serverinfrastructure in place.

Those interested in keeping safe from WSL-based malware,BleepingComputeremphasized, need to closely monitor system activity (SysMon, for example), and look for suspicious happenings.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

WSL was first showcased in 2016, together with theWindows 10Anniversary Update. It was described as a new way to access GNU and Linux tools, without the need for two separateoperating systems. While at first it didn’t provide full access to the Linux kernel, this was made possible in mid-2019, when WSL 2 was released.

ViaBleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Lego will let you build Sir Ernest Shackleton’s iconic lost ship, the Endurance, in its next Icons set