According to this link, https://thehackernews.com/2019/07/linux-gnome-spyware.html, security researchers have discovered a rare piece of Linux spyware that’s currently fully undetected across all major antivirus security software products, and includes rarely seen functionalities with regards to most Linux malware.
- Designed to take desktop screenshots, steal files, capture audio recording from the user’s microphone as well as download and execute further second-stage malicious modules
- EvilGnome malware masquerades itself as a legit GNOME extension, a program that lets Linux users extend the functionality of their desktops
- The Linux implant also gains persistence on a targeted system using crontab, similar to windows task scheduler, and sends stolen user data to a remote attacker-controlled server
Javvad Malik, Security Awareness Advocate at KnowBe4:
“While Linux-specific malware is not unheard of, it isn’t common. One interesting aspect of this malware is how it masquerades as a legitimate GNOME extension to get users to install on the systems. This is another reason for administrators to validate and vet any extensions or apps which promise extra functionality before installing on live production systems”
