Security 10799 Published by

Bleeping Computer reports that a new Linux malware masquerading as a Gnome shell extension and designed to spy on unsuspecting Linux desktop users was discovered by Intezer Labs' researchers in early July



The backdoor implant dubbed EvilGnome is currently not detected by any of the anti-malware engines on VirusTotal [1, 2, 3] and comes with several capabilities very rarely seen in Linux malware strains.

"EvilGnome’s functionalities include desktop screenshots, file stealing, allowing capturing audio recording from the user’s microphone and the ability to download and execute further modules," Intezer researchers found.

"The implant contains an unfinished keylogger functionality, comments, symbol names and compilation metadata which typically do not appear in production versions."
  New EvilGnome Backdoor Spies on Linux Users