Malware is common on Windows and Android, but Linux malware is rare owing to the core architecture of Linux. However, researchers from Intezer Labs have discovered a new strain of Linux malware, dubbed EvilGnome, that exhibits rare functionality.
The malware disguises itself as a Gnome Shell extension and is intended to spy on users. No known anti-virus software is currently capable of detecting the malware. According to the researchers, EvilGnome can take desktop screenshots, steal files from users, capture audio from the desktop’s microphone, and perform several other functions that could compromise your security.
The researchers also found that the malware has an unfinished keylogger functionality and “comments, symbol names and compilation metadata which typically do not appear in production versions.”
EvilGnome infects its targets via a self-extracting archive created with the makeself shell script. To make sure that the malware is still running on the infected machine, it adds a gnome-shell-ext.sh shell script that checks the infected computer every minute.
The malware has five different modules, and each module is capable of running in a separate thread.
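A defender can hunt for the per-minute check described above by triaging scheduled jobs. The following is an added example, not code from Intezer or from this article; it assumes the check is scheduled through cron (the article does not say how), and the sample crontab and its directory are constructed placeholders.

```python
import re

IOC_SCRIPT = "gnome-shell-ext.sh"  # script name reported in the article
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

# Constructed sample crontab; the directory is a placeholder, not a real IoC path.
SAMPLE_CRONTAB = """\
# constructed sample user crontab
MAILTO=""
0 3 * * * /usr/bin/rsync -a /home/u/docs /backup
* * * * * /home/u/.cache/example-dir/gnome-shell-ext.sh
*/1 * * * * /usr/local/bin/healthcheck.sh
@reboot /usr/bin/true
"""

def parse_job(line):
    """Return (schedule_fields, command), or None for comments, blanks and env lines."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_LINE.match(line):
        return None
    if line.startswith("@"):                     # @reboot, @hourly, ...
        parts = line.split(None, 1)
        return ([parts[0]], parts[1]) if len(parts) == 2 else None
    parts = line.split(None, 5)                  # five time fields, then the command
    return (parts[:5], parts[5]) if len(parts) == 6 else None

def runs_every_minute(fields):
    """True when all five time fields are unrestricted ('*' or '*/1')."""
    return len(fields) == 5 and all(f in ("*", "*/1") for f in fields)

def triage(crontab_text):
    """Return (line_no, reason, command) for jobs worth a closer look."""
    findings = []
    for line_no, raw in enumerate(crontab_text.splitlines(), 1):
        job = parse_job(raw)
        if job is None:
            continue
        fields, command = job
        if IOC_SCRIPT in command:                # name match, whatever the schedule
            findings.append((line_no, "ioc-script-name", command))
        elif runs_every_minute(fields) and re.search(r"\.sh\b", command):
            findings.append((line_no, "per-minute-shell-script", command))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_CRONTAB):
        print(finding)
```

On a live host, feed it each user's `crontab -l` output; the per-minute heuristic also matches legitimate jobs, so treat those hits as leads rather than verdicts.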
The researchers believe that EvilGnome is connected to Gamaredon Group, a Russian threat group active since 2013.
You can read the entire EvilGnome analysis here.