Never-before-seen Linux malware gets installed using 1-day exploits

Discussion in 'all things UNIX' started by 1PW, Mar 12, 2024.

  1. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,971
    Location:
    North of the 38th parallel.
     
  2. longshots

    longshots Registered Member

    Joined:
    Oct 20, 2017
    Posts:
    557
    Location:
    Australia
    Not much to see here - move along.
    But, if you want some info don't bother with the article and go straight to the comments.
    Smiley face goes here but we're too grown up for that.
     
  3. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,884
    If you install from the repositories, you will never see malware. They scare us to force us to sign up for useless security software.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,656
    Location:
    The Netherlands
    I actually do think it's quite interesting. It shows us that Linux should be secured and monitored properly on corporate networks and is not immune to malware.

    Wrong, I guess you didn't read this thread:

    https://www.wilderssecurity.com/thr...untu-hit-with-another-crypto-scam-app.453603/
     
  5. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,025
    Location:
    Member state of European Union
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,233
    Meh. The article starts with never-seen-before exploit panic panic, then it turns out you need to run a Magento server for this to be even applicable. I also don't like when articles focus on what malware does ONCE installed - but the interesting thing is what happens before, not after. It's like saying, once you put your finger in boiling water, wait, why would you.
    Mrk
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,656
    Location:
    The Netherlands
    And your point is? I don't know much about Linux, but it seems like the Snap store is used by most users on Ubuntu, or isn't this true?

    I have to disagree. The fun starts when malware has already bypassed AV and it still can't achieve its goal. That's the whole point of so called behavior blockers.
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,233
    If someone manually downloads a binary, runs it - and then things happen, that's not quite remarkable. If something can exploit a service, or perhaps there's a memory usage problem in something like JS in browsers, that's a completely different thing. How the intruders get in is 99% of the story. But that doesn't make for alarmist headlines.
    Mrk
     
  9. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,075
    Location:
    Canada

    +1 :thumb:
     
  10. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    660
    Location:
    Milan, Italia
    Indeed, it qualifies as clickbait.
     
  11. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,676
    Location:
    Philippines
    Whenever I see a headline like that, alarm bells start going off: the clickbait alarm bell, and there is not more to this story than the headline, like not what the headline implies. Just like this one.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,656
    Location:
    The Netherlands
    I'm sorry but I believe you guys don't make any sense.

    This malware was installed on Linux servers via some exploit. Which means that whatever anti-exploit tool they were using (if any at all) failed to block it. After this, the malware could apparently do whatever the heck it wanted since the AV/behavior blocker also didn't step in. So that's why it's always very interesting to know what the object of this malware was, so that behavior blockers can be trained to block this the next time this type of malware is somehow able to run after an AV bypass. Nothing more, nothing less.
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,233
    If you read the article, this happened on a Magento ecommerce server - you need to run this thing to begin with - open port, accepting requests on the Internet as part of your functionality. And this is no different than any 1-click exploit for any service. Nothing to do with Linux per se, except the service runs on Linux. Most likely, such servers do not run any AV at all, because such tools are rarely used on Linux (not that they're needed anywhere, but hey). Without specific details on how the exploit works, it's fearmongering.
    Mrk
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,656
    Location:
    The Netherlands
    I still don't see your point. Do you mean that this article makes Linux look bad or what? But how is this any different than some Windows user being hacked via some Firefox exploit? This is how stuff works, most of the time hackers use some third party app like a browser or office software to get malware up and running on for example Windows or macOS. Sometimes they combine a browser exploit with an OS exploit. At the end of the day, this malware was running on Linux, so the interesting part is that apparently malware running on Linux is just as dangerous as on Windows, since they have the same capabilities.
     
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,233
    The point is, this has nothing to do with Linux.

    You have a web server, it has a vulnerability, and through the vulnerability, attackers can exploit the system. The fact it runs on Linux is irrelevant.

    This is not an end user problem - it's not a home system where you GO somewhere and maybe land on a problem, and your browser gets exploited. This is a server, wholly designed to actively accept requests all the time.

    Malware running on Linux is also not important in this context - I can write malware in 4 seconds for any OS - how it gets deployed is all that matters. In this case, the problem isn't with Linux, but the service that was exploited. Again, nothing special or different from a million other such examples.

    Mrk
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,656
    Location:
    The Netherlands
    It is very much relevant that it runs on Linux. Most people probably think that malware running on Linux (server or PC) can't do any serious damage. And again, if some user gets hacked via Firefox, and he's running Windows, then it also hasn't got anything to do with Windows with your way of thinking. But why do you feel the need to keep stressing this?

    Who cares that it's a server? And yes, of course servers are hacked in a different way than how PCs get hacked. Normally speaking there are two ways to hack a system, either automatically via exploit, or manually via user install. It's the same on both servers and PCs.

    Exactly, Linux was not exploited in this particular case, but Linux also has its fair share of holes. And apparently these Linux servers weren't secured or monitored properly. That's why these articles are so important, to spread awareness about Linux based malware. There is nothing 'clickbaity' about this, see links for more info.

    https://arstechnica.com/information...cessful-exploit-of-a-linux-server-looks-like/
    https://medium.com/@tesla8877/explo...ating-system-real-world-examples-d05739baed4b
     