New Malware Bashes Microsoft Windows 10
Many Windows 10 users welcomed the arrival
of Windows Subsystem for Linux (WSL) with open arms, but the relationship
between Microsoft and Linux has revealed serious security issues.
A new technique called Bashware allows
malware to use WSL to hide malicious operations and get past any security
software. Check Point security researchers say that current security
software, including next-gen anti-virus solutions, cannot detect these
operations.
"We
have recently found a new and alarming method that allows any known malware to
bypass even the most common security solutions, such as next generation
anti-viruses, inspection tools, and anti-ransomware. This technique, dubbed
Bashware, leverages a new Windows 10 feature called Subsystem for Linux (WSL),
which recently exited Beta and is now a fully supported Windows feature."
While it is true that Bashware needs admin
access, that access is apparently not that difficult to obtain! Administrator
access is required to gain entry to the target PC, but getting these details
on a Windows PC through a phishing attack or stolen admin details is not hard
at all for attackers who are both skilled and
motivated.
The WSL feature is not turned on by
default, meaning it needs to be manually enabled on the targeted computer and
then Windows 10 Development Mode needs to be turned on.
The bad news is that Development Mode can
even be turned on by the attackers pulling a few strings in the background, modifying
a few registry keys and then waiting patiently for the unaware PC user to
reboot their computer.
Once this stage is reached and WSL is
enabled successfully, attackers can sneakily download the Linux file system
from Microsoft's servers and complete the WSL installation. When this process
is finished, the cyber attackers can then use the Bash CLI (Command Line
Interface) to begin their Bashware malware operations.
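To check a machine for the preconditions described above (WSL enabled,
Developer Mode on, a Linux file system installed), here is a PowerShell audit,
added as an example and not taken from the original article or from Check Point.
The feature name, the Developer Mode registry value and the Lxss locations are
standard Windows ones that the article does not list; the function name
Get-WslExposure is made up for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): report whether this host
# meets the WSL preconditions the article describes.
function Get-WslExposure {
    # Precondition 1: the optional WSL feature, which is off by default.
    $feature = Get-WindowsOptionalFeature -Online `
        -FeatureName 'Microsoft-Windows-Subsystem-Linux' -ErrorAction SilentlyContinue
    $featureState = if ($feature) { [string]$feature.State } else { 'NotPresent' }

    # Precondition 2: Developer Mode. This is the value the Settings toggle
    # writes; the article does not name the keys the technique modifies.
    $devKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock'
    $dev = Get-ItemProperty -Path $devKey -ErrorAction SilentlyContinue
    $devMode = [bool]($dev -and $dev.AllowDevelopmentWithoutDevLicense -eq 1)

    # Precondition 3: an installed Linux file system. Looks at the per-user
    # Lxss registration key in every loaded user hive, plus the legacy lxss
    # folder of the account running the script.
    $distros = @()
    foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $lxss = "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Lxss"
        if (Test-Path $lxss) {
            $distros += @(Get-ChildItem $lxss -ErrorAction SilentlyContinue | ForEach-Object {
                $name = (Get-ItemProperty $_.PSPath).DistributionName
                if ($name) { '{0}: {1}' -f $hive.PSChildName, $name }
            })
        }
    }
    $legacyFs = Test-Path (Join-Path $env:LOCALAPPDATA 'lxss')

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        WslFeature    = $featureState
        DeveloperMode = $devMode
        Distributions = $distros
        LegacyLxssDir = $legacyFs
        # Flag the host if WSL is enabled (or will be after the next reboot),
        # Developer Mode is on, or a Linux file system is already present.
        NeedsReview   = ($featureState -like 'Enable*') -or $devMode -or
                        ($distros.Count -gt 0) -or $legacyFs
    }
}

Get-WslExposure | Format-List
```

On machines where nobody is expected to use WSL, a NeedsReview value of True is
worth following up, since the feature and Developer Mode are both off by default.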
The interesting thing about the Bashware
technique is that the hackers don’t need to write malware programs for Linux to
run them through WSL on Windows PCs. All the hacker needs to do is install Wine –
a Windows emulator for Linux.
In short, here’s what Wine does: it lets
the attacker execute malicious Windows commands, which Wine translates to
Linux commands and WSL then transforms back to Windows operations that run on
the targeted system.
The malware can then be launched in
Windows as Pico processes, which can be hidden from security software.
The security industry is being urged to act
fast and update its security solutions to provide protection against
the Bashware attack technique.
Now that the Linux shell is available for
Windows users, it is believed that Bashware has the potential to affect as many
as 400 million PCs running the Windows 10 operating system!
“Bashware is so alarming because it shows
how easy it is to take advantage of the WSL mechanism to allow any malware to
bypass security products.”
Please do not hesitate to contact The Computer Guyz in Cape Town or Centurion and we will advise and assist wherever possible.
There is no concrete
way to prevent malware or viruses, but we will make every effort to make sure our
clients are protected! Give us a call on 087 001 0511/2 or email sales@tcgcape.co.za