silversurfer

Intezer security researchers have discovered a new backdoor targeting Linux systems with the purpose of spying on users.
Dubbed EvilGnome, the threat disguises itself as a Gnome extension and appears related to the Gamaredon Group, an alleged Russian threat actor. The analyzed sample appears to be a test version that was uploaded to VirusTotal by mistake.

The implant was found to include unfinished keylogging capabilities, as well as comments, symbol names and compilation metadata that aren’t normally found in production versions.

EvilGnome is capable of taking screenshots, stealing files, capturing audio recordings from the user’s microphone, and downloading and executing further modules.