Intezer security researchers have discovered a new backdoor targeting Linux systems with the purpose of spying on users.
Dubbed EvilGnome, the threat disguises itself as a GNOME extension and appears related to the Gamaredon Group, an alleged Russian threat actor. The analyzed sample appears to be a test version that was uploaded to VirusTotal by mistake.
The implant was found to include unfinished keylogging capabilities, as well as comments, symbol names and compilation metadata that aren’t normally found in production versions.
EvilGnome is capable of taking screenshots, stealing files, capturing audio recordings from the user’s microphone, and downloading and executing further modules.
EvilGnome, a rare type of malware with zero detections in VirusTotal, spies on Linux desktop users by allowing the recording of audio conversations. The malware has infrastructure connections to the Russian APT Gamaredon Group.