Bashware: the technique that makes malware bypass security
We keep finding ever more sophisticated malware, which on many occasions escapes every security control. Part of the reason is a technique called Bashware. It allows malware to use a Windows 10 feature called the Windows Subsystem for Linux (WSL) and thereby evade the security software installed on the computer.
WSL works with Bash commands that users type into a command-line interface (CLI). Those shell commands are mapped to their Windows counterparts: the data is processed within the Windows kernel and a response is sent back, to both the Bash CLI and a Linux file.
Bashware active since 2016
Microsoft brought Bash to Windows 10 with the idea that Linux users would see how easy it is to work in Windows 10. The WSL feature has been in development since 2016, although Microsoft has already announced that a stable version will arrive with the Windows 10 Fall Creators Update. Bashware itself is a technique that uses this hidden Linux shell in Windows 10 to conceal malicious operations.
Researchers say that current antivirus products do not detect these operations because they lack support for Pico processes. Fortunately, Bashware is not a foolproof method, mainly because it requires administrator permissions: malware that reaches Windows 10 needs administrator-level access before it can enable the WSL feature, which is disabled by default.
The problem is that the Windows attack surface has many elevation-of-privilege (EoP) flaws, so obtaining administrator permissions is not too complicated. Once the attacker succeeds, they can put Windows 10 into developer mode, so the danger of Bashware is real.
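As an added defender-side example, not part of the original article, the following PowerShell audit checks a Windows 10 host for the two preconditions the article says Bashware depends on: the WSL optional feature being enabled and Developer Mode being switched on. The feature name and the AppModelUnlock registry value are the standard Windows 10 ones; the bash.exe path is an assumption used only as a secondary indicator.

```powershell
# Added example (not from the original article): audit the Bashware preconditions
# described above. Run from an elevated PowerShell prompt on Windows 10.

function Get-BashwarePreconditions {
    # 1. Optional feature state: 'Enabled' means the Linux subsystem is available.
    $wsl = Get-WindowsOptionalFeature -Online -FeatureName 'Microsoft-Windows-Subsystem-Linux'

    # 2. Developer Mode is recorded under AppModelUnlock; a value of 1 means enabled.
    $devKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock'
    $devMode = $null
    if (Test-Path $devKey) {
        $devMode = (Get-ItemProperty -Path $devKey -ErrorAction SilentlyContinue).AllowDevelopmentWithoutDevLicense
    }

    # 3. Secondary indicator (assumed path): the WSL launcher shipped with early Windows 10 builds.
    $bashExe = Join-Path $env:SystemRoot 'System32\bash.exe'

    [pscustomobject]@{
        WslEnabled        = ($wsl.State -eq 'Enabled')
        DeveloperModeOn   = ($devMode -eq 1)
        BashLauncherFound = (Test-Path $bashExe)
        # Both conditions together are what the article says Bashware needs.
        BashwarePossible  = (($wsl.State -eq 'Enabled') -and ($devMode -eq 1))
    }
}

$result = Get-BashwarePreconditions
$result | Format-List

if ($result.BashwarePossible) {
    Write-Warning 'WSL and Developer Mode are both enabled; confirm this host actually needs them.'
}
```

On a fleet, collect the returned object per host and alert on any machine where BashwarePossible flips to true without a matching change request.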