EvilGnome Malware Helps Hackers Spy on Linux Users


Level 85
Thread author
Honorary Member
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
Intezer security researchers have discovered a new backdoor targeting Linux systems with the purpose of spying on users.
Dubbed EvilGnome, the threat disguises as a Gnome extension and appears related to the Gamaredon Group, an alleged Russian threat actor. The analyzed sample appears to be a test version that was uploaded to VirusTotal by mistake.

The implant was found to include unfinished keylogging capabilities, as well as comments, symbol names and compilation metadata that isn’t normally found in production versions.

EvilGnome is capable of taking screenshots, stealing files, capturing audio recordings from the user’s microphone, and downloading and executing further modules.