2

Repost of a deleted post on devrant

We might have some hackers targeting linux also now.
https://techrepublic.com/google-amp...

Comments
  • 1
    Might*
    Of course, it is nothing new.
  • 1
    @Linux I was going to ask how this was a new thing! XD
  • 6
    If it's on the Internet, it's a target.
    It's just that breaking into Windows servers has sufficed, since that's usually been enterprises.

    #MaLinuxGetNoViRuZeS
  • 0
    Kaspersky is probably going to launch an antivirus for linux. Lol, is that even a thing yet or even possible?
  • 0
    @C0D4 Umm this linux virus existed
    https://google.com/url/...
  • 0
    @AkshayTolwani I'm well aware Linux isn't "safe", it's just not the go-to target for malicious attacks; but that's not to say it's not a target.

    https://hacked.com/linux-ransomware...
  • 5
    This has been going on since Linux servers came into existence 😅
  • 3
    You read it here, folks. Two Linux+/i have spoken.
  • 0
    @AmyShackles What does this mean? 😅
  • 2
    @linuxxx I just mean if anyone would know about Linux-related things, it would be people who intentionally use it as part of their handle. 😅
  • 1
    @AmyShackles Ohhh right 😄
  • 1
    The article is beating around the bush because it's easy to write malware for Linux, but the actual question is, how to get it on the target system?
  • 5
    I liked the part where the article told me absolutely nothing new.
  • 0
    *yawns
  • 2
    🤭
  • 0
    @Fast-Nop The same way malware gets on windows machines
  • 0
    @AkshayTolwani That doesn't work as well because unlike Windows, executables under Linux are not marked via their file extension - which under Windows is even masked out by default so that invoice.pdf.exe looks like invoice.pdf. Under Linux, you have to set the +x flag manually.

    On top of that, it's not common under Linux to download executable programs from the internet because the package manager is used for installation.

    Targeting distro repos would of course be an option for attacking downstream PCs, but that moves the question towards how to take over the repo servers.
  • 1
    @Fast-Nop This and also kernel modules like SELinux and other measures Linux takes make it a lot harder to gain initial access.
  • 0
    @linuxxx The one risk I was able to find as desktop threat seems to be desktop launchers because they don't need the +x flag set to execute.
  • 1
    @Fast-Nop Mostly true I think but this would gain user level access (I'm hoping you wouldn't do this as root) so you wouldn't be able to easily exit user space into level 0.

    But this also depends on if you use SELinux for example and on your firewall config.
  • 0
    @linuxxx User level is enough because the precious thing on a computer isn't the system - it's the user data. Same situation as under Windows.

    I don't think many people use SELinux for desktop, and the firewall is usually set to allow outgoing connections. Since a trojan contacts the CC server, the trojan is a client application on TCP level, so that works.
  • 2
    I remember reading about a type of home security camera you could find on Shodan which had a default publicly available web interface that had an exploit that allowed you to run shell commands through the URL (yeah it was terrible). So you could easily get ssh access, root, etc. And if you ever log into one of these boxes you see tons of cryptocurrency miners and other malicious software all over the place using up 100% CPU and other such stuff.
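
Added example, not part of the thread: a small audit for the desktop-launcher concern @Fast-Nop raises above. It walks a directory and lists `.desktop` files whose `Exec` line starts an interpreter or downloader, or whose name imitates a document, and records whether the +x bit is set. The interpreter list, the document-extension pattern and the two sample launchers are constructed for illustration.

```python
import os
import re
import tempfile

# Constructed heuristics for this example, not an exhaustive list.
INTERPRETERS = re.compile(r"\b(sh|bash|python[0-9.]*|perl|curl|wget)\b")
DOC_DISGUISE = re.compile(r"\.(pdf|docx?|xlsx?|jpe?g|png|txt)\.desktop$", re.I)

def exec_lines(path):
    """Return every Exec value in the file (main entry and action groups)."""
    values = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            key, sep, value = raw.partition("=")
            if sep and key.strip() == "Exec":
                values.append(value.strip())
    return values

def audit_launchers(root):
    """List launchers worth a manual look, with the reasons and the +x state."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(f for f in files if f.endswith(".desktop")):
            path = os.path.join(dirpath, name)
            cmds = " ".join(exec_lines(path))
            reasons = []
            if INTERPRETERS.search(cmds):
                reasons.append("Exec invokes an interpreter or downloader")
            if DOC_DISGUISE.search(name):
                reasons.append("name imitates a document")
            if reasons:
                has_x = bool(os.stat(path).st_mode & 0o111)
                findings.append({"file": name, "has_x": has_x, "reasons": reasons})
    return findings

def build_sample(root):
    samples = {  # constructed launchers, both written without +x
        "org.example.Editor.desktop": "[Desktop Entry]\nType=Application\nExec=editor %f\n",
        "invoice.pdf.desktop": "[Desktop Entry]\nType=Application\nExec=sh -c 'echo sample'\n",
    }
    for name, body in samples.items():
        path = os.path.join(root, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.chmod(path, 0o644)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_launchers(tmp))
```

Pointing `audit_launchers` at a downloads or desktop folder gives a short review list; a hit with `has_x` set to false is the case the comment describes, a launcher that relies on running without the execute bit.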