Free Your PC Friday – Malware on Linux? What? I thought...

Ransomware Lineup
· CLOP Ransomware
· Royal Ransomware
· ESXiargs Ransomware
#freeyourpcfriday #malware #Linux #PSA #itsathing #avoidit #beaware #TechFreedom #FOSSnews

Free Your PC Friday, Linux malware, PSA, Public Service Announcement, it’s a thing, be aware, be wise, avoid it, Tech Freedom, FOSS News

LMN 1.1 – There’s Malware for Linux? Yes, Here’s How You Can Check for It
Did you think that Linux was magically immune to malware? Think again. Is it harder to find a vector or an attack surface than on, say, Windows? Hell yes, because Linux was designed from the start to be used in a multiuser environment, not to mention on a network, whereas Windows started out as a single-user, non-networked OS. That other functionality was tacked on, and done poorly, over the years, which is part of what has made Windows such low-hanging fruit for bad actors over the decades. Ok, so what kinds of malware (viruses, etc.) can hit, and have lately been targeted at, Linux machines? I’ve talked about critical vulnerability exploits before, which leave holes in the “armor” of Linux, but those usually get patched before they become major problems, so what else? The big group right now is ransomware of various kinds: some strains target vulnerable virtual machines, others IoT appliances, and others larger targets. Other common forms are cryptojackers, rootkits, and state-sponsored attacks (which can take a myriad of forms, from a wiper, to a trojan, to a keylogger, to a screen recorder or a mic & camera hijacker). What’s ransomware? Malware meant to penetrate a network or system, hunt down key files, then deny access to them until the attacker’s demands are met. What’s a cryptojacker? A piece of software that silently hijacks your system’s resources to mine crypto, such as BTC or any other similar proof-of-work coin or token. What’s a rootkit? A piece of software which lets an attacker gain admin (root) level access to your system, from which point they could destroy your install, steal data, or do any number of other nasty things. Ok, primer over.
What can we do about it? How can we avoid these things? How can we handle them if we get exposed somehow? We can use something like ClamAV, Lynis, chkrootkit, or Linux Malware Detect to scan and protect ourselves. These are FOSS options that are similar to the Windows anti-malware programs out there, like ESET NOD32, BlackIce Defender, Kaspersky, or Panda AV. For the most part, these are signature scanners, so they only catch what is in their definitions, and they depend on those definitions being kept up to date. Aside from that, the best way to avoid malware is to know the sorts of places where you might be exposed, then avoid them, kinda like you don’t walk through a sewer in a white linen suit and expect to come out as clean as you went in. Many of these things ride along in packages that sit on disreputable GitHub repos, random third-party repos, or PPAs that promise riches or convenience, but the packages weren’t what they promised; they contained nasty code meant to do harm to your system and its data. Stay out of the dark web and away from porn sites, as those are among the main vectors for these things, like mosquitoes with malaria or West Nile virus. Same idea. Digital hygiene is crucial. Stay out of the sewers and cesspools, stay away from the back alleys and narrow lanes of the internet. Stay on well-trodden paths. Don’t open random crap in your email. Even if it came from an address you know: trust, but verify. Call or text the person first, to make sure that they actually sent you that file before you open it.

https://linuxsecurity.com/features/how-to-check-if-your-linux-system-is-infected-with-a-virus
#FreeYourPCFriday #malware #Linux #PSA #TechFreedom #FOSSnews
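The FOSS scanners named in the LMN 1.1 section above (ClamAV, chkrootkit, Lynis) can be strung together into one quick local audit. The script below is an added example written for this post; it is not code from the post or from the linked linuxsecurity.com article. It assumes those tools are installed from your distribution’s repositories, skips any that are missing instead of aborting, and embeds two constructed ClamAV scan summaries that exercise the summary parser. Linux Malware Detect (maldet) is left out only because its install location varies by setup.

```shell
#!/bin/sh
# Added example (not from the original post): a small audit wrapper around the
# FOSS scanners the post names. Assumes clamscan/freshclam (ClamAV), chkrootkit
# and lynis are installed from your distro's repos; a missing scanner is
# reported and skipped rather than aborting the whole run.

# Constructed sample summaries in the shape clamscan prints at the end of a scan
# (values made up for this example); used to exercise the parser below.
SAMPLE_CLEAN='----------- SCAN SUMMARY -----------
Known viruses: 8000000
Engine version: 1.0.0
Scanned directories: 12
Scanned files: 340
Infected files: 0
Data scanned: 1.20 MB
Time: 3.0 sec (0 m 3 s)'

SAMPLE_INFECTED='----------- SCAN SUMMARY -----------
Scanned files: 340
Infected files: 2
Time: 3.0 sec (0 m 3 s)'

# Print N from the "Infected files: N" line of a ClamAV scan summary passed
# as the first argument (works on live output or on a saved scan log).
clamav_infected_count() {
    printf '%s\n' "$1" | sed -n 's/^Infected files: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Succeed (exit 0) only when the summary reports zero infected files. A missing
# or unparseable summary is treated as "not clean" so a failed scan is never
# mistaken for a clean one.
clamav_is_clean() {
    n=$(clamav_infected_count "$1")
    [ "${n:-1}" -eq 0 ]
}

# Run a scanner only if it is on PATH; otherwise say so and return 2.
run_if_present() {
    tool=$1
    shift
    if command -v "$tool" >/dev/null 2>&1; then
        "$tool" "$@"
    else
        echo "[skip] $tool not installed; install it from your distribution's repositories" >&2
        return 2
    fi
}

# Audit a directory tree (default /home). chkrootkit and a full Lynis audit need
# root; the ClamAV scan of your own home directory works as a normal user.
audit_host() {
    target=${1:-/home}
    echo "== ClamAV signature update (scanners are only as good as their definitions) =="
    run_if_present freshclam --quiet || true
    echo "== ClamAV scan of $target =="
    # --infected lists only hits; the SCAN SUMMARY block is still printed.
    # clamscan exits 1 when it finds something, so '|| true' keeps the audit going.
    scan_out=$(run_if_present clamscan --recursive --infected "$target" 2>/dev/null) || true
    printf '%s\n' "$scan_out"
    if clamav_is_clean "$scan_out"; then
        echo "ClamAV: no infected files reported"
    else
        echo "ClamAV: infected files reported, or the scan did not run; review the output above" >&2
    fi
    echo "== chkrootkit (quiet mode prints only suspicious findings) =="
    run_if_present chkrootkit -q || true
    echo "== Lynis system audit =="
    run_if_present lynis audit system --quick --no-colors || true
}

# Only start the scanners when invoked as 'sh linux_audit.sh run [DIR]', so
# sourcing this file for its functions does not kick off a scan.
case "${1:-}" in
    run) audit_host "${2:-/home}" ;;
esac
```

Save it as, say, linux_audit.sh and run `sudo sh linux_audit.sh run /home`. Treating a missing or empty summary as "not clean" is deliberate: a scanner that did not run tells you nothing, and the wrapper should not report a clean bill of health it cannot back up.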

Ransomware Roundup
We have 3 major kinds of ransomware attacks happening in the Linux world right now: two of them target vulnerable virtual machines, and the other is actually a rather weak port of a Windows attack put out by Clop, a sophisticated tool which infiltrates, encrypts files, then makes demands of the owners. The Linux version is kinda sloppy and easily beaten, thankfully: the encryption used was weak, and researchers have already released a free tool to recover the encrypted files for you. That is the beauty of FOSS: researchers can look at code directly, patch things, and quickly devise tools to defang attacks like these.
https://techcrunch.com/2023/02/07/clop-ransomware-linux-flaw/
#FreeYourPCFriday #clop #ransomware #malware #Linux #weaksauce #TechFreedom #FOSSnews

Another couple of strains of ransomware have been targeting large outfits, shooting directly at VMware ESXi virtual machines. Here’s what they do: they go after the virtual machines on servers that major outfits have begun to deploy to control resource management more tightly, isolate things better, and provide an extra layer of resiliency for their infrastructure. Who has been using these sorts of attacks? All sorts of gangs, from Conti, to Black Basta, to Royal Ransomware and others. What do these VM server attacks do? Well, each one is slightly different. Royal’s version will target specific kinds of files within each VM, shut the VMs down, encrypt the files, leave the note, then sit back and wait for the organization to either cave to pressure and pay up, or figure some other way out of their sticky situation. The ESXiArgs attack does similar things by exploiting unpatched servers. It depends on an exploit that is over two years old, so patch your dadgum systems, already.
https://www.bleepingcomputer.com/news/security/linux-version-of-royal-ransomware-targets-vmware-esxi-servers/
https://blogs.blackberry.com/en/2023/02/esxiargs-ransomware-knocking-out-unpatched-vmware-esxi-linux-servers-worldwide
