Now it’s Microsoft’s Linux that is used to attack Windows and its users

Deepak Gupta May 29, 2022
Updated 2022/05/29 at 1:22 AM

The union between Windows and Linux seemed to be one of Microsoft’s best bets in recent years. These two systems came together transparently, giving users a combination of features that until now had not been mixed.

Microsoft develops and maintains this integration, and it now has a problem on its hands. From what has been revealed, there is a security hole being exploited that allows Microsoft’s Linux to be used to attack Windows.

WSL used to attack Windows

Although a relative newcomer to Windows, WSL has come to be seen as a new gateway for attackers, who have been exploring what Microsoft's Linux can offer them in order to carry out their activity and attack users.

The proof of this is a newly discovered attack that attackers will exploit. It uses WSL together with open source based malware to forward communications to Telegram, giving the remote operator access to and control of the compromised system.


Malware Uses Linux to Get Data

These malicious Linux binaries for WSL were first discovered over a year ago. Since then, their number has grown steadily, with variants having low detection rates despite being based on publicly available code.

One of the more recent examples uses an open source Python-based tool called RAT-via-Telegram Bot. It allows control via Telegram and comes with functions to steal authentication cookies from the Chrome and Opera browsers, as well as being able to execute commands or download files.


Microsoft does not always detect these attacks

This malware is known to carry a bot token and conversation ID, indicating an active command and control mechanism. It may also have additional functions, including taking screenshots and collecting information (username, IP address, OS version), which helps the attacker determine which malware or utilities to use in the next phase of the attack.

The general recommendation for users defending against WSL-based threats is to keep an eye on system activity. This way they can spot suspicious behaviour and investigate the commands that are being used.
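As an added illustration of that recommendation (example code written for this article, not part of the reported malware or of any Microsoft tooling), the script below correlates constructed process-creation and network events to flag scripted launches of WSL and WSL processes that reach the Telegram Bot API; the log fields, the assumption that WSL activity surfaces under wsl.exe/wslhost.exe/bash.exe, and the command-line heuristic are all assumptions for the example.

```python
# Added example: flag WSL launched with an explicit command and any WSL
# process that connects to the Telegram Bot API, from generic endpoint logs.

# Assumption: how WSL-launched activity appears in Windows process telemetry.
WSL_IMAGES = {"wsl.exe", "wslhost.exe", "bash.exe"}
TELEGRAM_HOSTS = {"api.telegram.org"}
# Assumption (heuristic): these switches mean wsl.exe was handed a command to run,
# which is how a scripted payload would be started rather than an interactive shell.
SCRIPTED_SWITCHES = {"-e", "--exec", "--"}

# Constructed sample events (not real telemetry); fields mimic a generic
# process-creation ("proc") / network-connection ("net") log.
EVENTS = [
    {"type": "proc", "pid": 100, "ppid": 1, "image": "explorer.exe", "cmd": "explorer.exe"},
    {"type": "proc", "pid": 200, "ppid": 100, "image": "wsl.exe",
     "cmd": "wsl.exe -e python3 /tmp/.cache/bot.py"},
    {"type": "net", "pid": 200, "image": "wsl.exe", "dest": "api.telegram.org", "port": 443},
    {"type": "proc", "pid": 300, "ppid": 100, "image": "wsl.exe", "cmd": "wsl.exe -d Ubuntu"},
    {"type": "net", "pid": 400, "image": "chrome.exe", "dest": "api.telegram.org", "port": 443},
]


def wsl_telegram_findings(events):
    """Return (pid, rule, detail) tuples for WSL activity worth investigating.

    rule "wsl_scripted_launch": wsl.exe started with an explicit command.
    rule "wsl_telegram_c2": a WSL image opened a connection to the Telegram Bot API.
    """
    procs = {e["pid"]: e for e in events if e["type"] == "proc"}
    findings = []
    for e in events:
        if e["type"] == "proc" and e["image"].lower() in WSL_IMAGES:
            tokens = e["cmd"].split()[1:]  # drop the image name itself
            if any(t in SCRIPTED_SWITCHES for t in tokens):
                findings.append((e["pid"], "wsl_scripted_launch", e["cmd"]))
        elif e["type"] == "net" and e["dest"].lower() in TELEGRAM_HOSTS:
            # Prefer the image recorded at process creation; fall back to the net event's.
            image = procs.get(e["pid"], {}).get("image", e["image"]).lower()
            if image in WSL_IMAGES:
                findings.append((e["pid"], "wsl_telegram_c2", e["dest"]))
    return findings


if __name__ == "__main__":
    for pid, rule, detail in wsl_telegram_findings(EVENTS):
        print(f"pid={pid} rule={rule} detail={detail}")
```

An interactive `wsl.exe -d Ubuntu` and a browser talking to Telegram are deliberately left unflagged so that only the WSL-plus-Telegram combination the article describes stands out.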
