Security researchers recently uncovered a new attack method in which hackers let their malware bypass all known security measures. Commonly referred to as Bashware, this technique abuses Windows' built-in Linux shell (the Windows Subsystem for Linux) so thoroughly that malware can affect a PC despite anti-virus and all other security tools.
This new technique, which targets PCs running Windows 10, has made over 400 million computers susceptible to the malware, according to researchers at Check Point, who first became aware of Bashware.
The researchers stressed how alarming Bashware really is, because it demonstrates how easily hackers can infiltrate and take advantage of the Windows Subsystem for Linux (WSL). Researchers Gal Elbaz and Dvir Atias stated that they tested Bashware against the leading anti-virus products, and so far Bashware has bypassed every known security method.
Microsoft integrated Linux into Windows 10 as a feature aimed specifically at coders and developers, since it makes it easier to test code on both Windows and Linux. Currently WSL must be activated manually by the user, but another aspect of Bashware is that it can activate WSL automatically, which allows it to run the malware.
What is unique about Bashware is that it does not operate the way most malware does. It does not exploit a specific logic bug or implementation flaw; it works so well because security software has no knowledge of this new technology, which is expanding the borders of the Windows operating system.
What is also unique is that hackers are not required to write Linux-specific malware in order to run it on Windows. Rather, Bashware installs a program called Wine, which launches existing Windows malware from inside WSL and keeps it hidden from Windows security tools.
One obstacle for Bashware is that hackers need the victim's PC details. Yet, given the rising rate of cyber crime and the ease of obtaining access information through methods like phishing, even this does not seem like something that would stop a well-versed hacker. However, such activity could perhaps be monitored more closely in order to prevent hackers from installing Bashware at all.
The researchers who uncovered Bashware have stressed the importance of finding the technology needed to counter attacks of this nature.
According to Microsoft, it has already taken the first steps toward a solution to Bashware. Yet a Microsoft spokesperson confirmed that the company's assessment rates Bashware as low risk. According to the spokesperson, Developer Mode is not enabled by default, so for Bashware to be effective, hackers would need to enable Developer Mode, install the component, reboot, and then install WSL before they could go on to install other malware.
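The prerequisites Microsoft lists (Developer Mode plus the WSL optional feature) are exactly what a defender can audit. The following PowerShell script is an added example, not code from Check Point or Microsoft; it assumes the `AppModelUnlock` registry key and the `LxssManager` service name used by Windows 10 builds of that period, and it must be run elevated for the feature query to succeed.

```powershell
# Added defender-side audit: reports whether the two prerequisites named in the
# article, Developer Mode and the WSL optional feature, are enabled on this host.
# Assumptions (not from the article): the AppModelUnlock registry path and the
# LxssManager service are those of Windows 10 builds of the period. Run elevated.

function Get-WslExposure {
    # Developer Mode is stored as AllowDevelopmentWithoutDevLicense = 1 under this key.
    $devKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock'
    $devMode = $false
    if (Test-Path $devKey) {
        $v = Get-ItemProperty -Path $devKey -Name AllowDevelopmentWithoutDevLicense `
             -ErrorAction SilentlyContinue
        if ($v -and $v.AllowDevelopmentWithoutDevLicense -eq 1) { $devMode = $true }
    }

    # State of the WSL optional feature (DISM module; requires administrator rights).
    $feature = Get-WindowsOptionalFeature -Online `
               -FeatureName Microsoft-Windows-Subsystem-Linux -ErrorAction SilentlyContinue
    $wslEnabled = ($null -ne $feature) -and ($feature.State -eq 'Enabled')

    # Service that hosts WSL instances on these builds; running means WSL is in use.
    $svc = Get-Service -Name LxssManager -ErrorAction SilentlyContinue
    $svcRunning = ($null -ne $svc) -and ($svc.Status -eq 'Running')

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        DeveloperMode      = $devMode
        WslFeatureEnabled  = $wslEnabled
        LxssManagerRunning = $svcRunning
        # Both prerequisites present means the chain the article describes needs
        # no further enabling steps on this host; flag it for review.
        Exposed            = ($devMode -and $wslEnabled)
    }
}

Get-WslExposure | Format-List
```

Hosts that report `Exposed = True` without a developer justification are the ones worth reviewing, since enabling either setting is otherwise an unusual change on a non-developer workstation.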
While it is not known which specific products Bashware was able to bypass, the security companies Symantec and Kaspersky have both claimed that their products were at least able to detect such attacks, if not deter them.
Symantec confirmed that its scanners, machine learning, and security technologies are designed to detect all malware created using WSL. Similarly, Kaspersky confirmed that it is working on more effective technology to detect this specific type of malware, and it hopes to be able to block all such malware in WSL by 2018.