Malware is very common in the Windows and Android world, and we often hear of new malware being created for these two platforms. But it is rare to find malware affecting Linux systems.
In early July, researchers from Intezer Labs found a new malware named EvilGnome, which has unique functionality. EvilGnome masquerades as a Gnome Shell extension and starts spying on users. Even most of the popular, world-class antivirus products are not able to detect this malware.
According to Intezer Labs, this malware can take desktop screenshots, steal your files, capture audio from the user’s microphone and run several other functions that can completely compromise your privacy.
Researchers have also found that this malware contains unfinished keylogger comments, symbol names and compilation metadata, which typically do not appear in production versions.
How does this malware infect a Linux System?
EvilGnome infects the Linux system through a self-extracting archive created using the makeself shell script. The spyware adds a gnome-shell-ext.sh shell script to the affected Linux machine’s crontab, and this script checks every minute whether the EvilGnome spyware is still running.
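The crontab persistence described above leaves a trace a defender can look for. The following shell function is an added example, not code from Intezer Labs or from the original article: it scans crontab text for entries that reference gnome-shell-ext.sh. The function names, the output labels and the sample crontab with its /path/to placeholder are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: scan crontab text (stdin) for the persistence described above.
# Output: one "LABEL<TAB>line" per finding.
#   MATCH      references gnome-shell-ext.sh and runs every minute
#   NAME-ONLY  references gnome-shell-ext.sh on another schedule
#   REVIEW     some other command that runs every minute (often legitimate)
# Exit status: 0 if gnome-shell-ext.sh was referenced anywhere, 1 otherwise.
scan_crontab() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments, blank lines
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }   # VAR=value settings
        {
            name  = ($0 ~ /gnome-shell-ext\.sh/)
            every = (($1 == "*" || $1 == "*/1") && $2 == "*" && $3 == "*" && $4 == "*" && $5 == "*")
            if (name && every) { print "MATCH\t" $0; hit = 1 }
            else if (name)     { print "NAME-ONLY\t" $0; hit = 1 }
            else if (every)    { print "REVIEW\t" $0 }
        }
        END { exit (hit ? 0 : 1) }
    '
}

# Constructed sample crontab; /path/to/ is a placeholder, not a real install path.
sample_crontab() {
    cat <<'EOF'
# constructed sample, not taken from an infected host
MAILTO=""
*/5 * * * * /usr/local/bin/backup.sh
* * * * * /path/to/gnome-shell-ext.sh
0 3 * * * /path/to/gnome-shell-ext.sh
* * * * * /usr/bin/true
EOF
}

# Demo run on the constructed sample.
sample_crontab | scan_crontab
```

On a live system, pipe the output of `crontab -l` for each user account into `scan_crontab` instead of the sample.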
The spyware has a total of 5 modules, and each module runs in a separate thread. The sources suggest that this malware is related to the Gamaredon Group. This group belongs to Russia and has been active since 2013.