EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users

https://thehackernews.com/2019/07/linux-gnome-spyware.html

Some excerpts:

"Security researchers have discovered a rare piece of Linux spyware
that's currently fully undetected across all major antivirus security
software products, and includes rarely seen functionalities with regards
to most Linux malware, The Hacker News learned."

"EvilGnome malware masquerades itself as a legit GNOME extension, a
program that lets Linux users extend the functionality of their
desktops."

""Persistence is achieved by registering gnome-shell-ext.sh to run every
minute in crontab. Finally, the script executes gnome-shell-ext.sh,
which in turn launches the main executable gnome-shell-ext," the
researchers said."

I so wish that systemd had also been mentioned as an accomplice. :D

golinux