EvilGnome, A New Backdoor Implant Spies On Linux Users

By ISBuzz Team
Writer, Information Security Buzz | Jul 19, 2019 10:08 am PST

According to The Hacker News (https://thehackernews.com/2019/07/linux-gnome-spyware.html), security researchers have discovered a rare piece of Linux spyware that is currently fully undetected across all major antivirus security software products and that includes functionality rarely seen in most Linux malware.

  • Designed to take desktop screenshots, steal files, capture audio recordings from the user’s microphone, and download and execute further second-stage malicious modules
  • EvilGnome malware masquerades as a legitimate GNOME extension, a program that lets Linux users extend the functionality of their desktops
  • The Linux implant also gains persistence on a targeted system using crontab, similar to the Windows Task Scheduler, and sends stolen user data to a remote attacker-controlled server

Javvad Malik, Security Awareness Advocate at KnowBe4:

“While Linux-specific malware is not unheard of, it isn’t common. One interesting aspect of this malware is how it masquerades as a legitimate GNOME extension to get users to install on the systems. This is another reason for administrators to validate and vet any extensions or apps which promise extra functionality before installing on live production systems.”

