New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers

Condobloke

Condobloke

Well-Known Member
Joined
Apr 30, 2017
Messages
8,435
Reaction score
6,864
Credits
56,593
This article should be of interest to all Linux users...regardless of their experience, or lack of, with Linux


www.techrepublic.com

Malware Targets Browser Variants, Crypto Wallets & Password Managers

The new Meduza Stealer malware targets 19 password managers, 76 crypto wallets and 97 browser variants. Discover more about the malware.
www.techrepublic.com www.techrepublic.com

This article explicitly states:
The malware was developed to target Windows operating systems.
The section re the targeting of specific Browsers is of interest....the list is quite long.
Does the question of Virtual Machines play any part?...ie can the malware cross from the VM (windows) to the host (Linux) and make a mess of the browser in use there ?
If not....why not ?

Does running an OS inside a VM on that same OS provide security? | TechRepublic

Does running you OS within a virtual machine inside that OS provide any extra security? Does it insulate the host OS and hardware from an attack? Does it
www.techrepublic.com www.techrepublic.com
security.stackexchange.com

How secure are virtual machines really? False sense of security?

I was reading this CompTIA Security+ SYO-201 book, and the author David Prowse claims that: Whichever VM you select, the VM cannot cross the software boundaries set in place. For example, a vi...
security.stackexchange.com security.stackexchange.com
tech.co

The Most Secure OS: What is the Safest OS Available?

We run through the security features, mechanisms, and protocols provided by ChromeOS, Linux, macOS, and Windows, as well as iOS and Android.
tech.co tech.co


In your VM, Windows) what security measures do you have in place to stop things such as Meduza Stealer from thieving your data, browser data,

Do the browsers used in Linux have protection to thwart Meduza.....if it does, what is it, what form does it take, does Linux's inherent security protection, take care of the browsers in use ?
 


Condobloke said:
if it does, what is it, what form does it take,
Click to expand...

Jails. We Linux users conceptually borrowed this from BSD. Our varient is known as 'firejail'.

You've probably seen me rant about it once or twice, or at least suggest folks look into it.

If you want security, that is above and beyond the normal (and very good) protections Linux offers, the answer is almost invariably jails. Applications run in a jail have no access to the rest of the system. They're run in what is effectively an isolated chunk of memory. So, even if malware can break out of the confines of a browser (which is already running in a fairly constrained section of the memory) then they would still have to break out of the jail.

Not even a rowhammer attack is going to get through that.

Well, not when combined with the other protections we have, such as randomized memory space. If the attackers know the actual address used in memory, it gives them a great advantage. Randomizing memory space (Google "ASLR") is a great start at preventing exploits from knowing where they are in the memory space.

So, they can't just throw an exploit up that knows where it is and reads the memory space from a few addresses over. Combine that with a jail and you're REALLY secure from zero-day exploits. Even without the jail, you're still reasonably secure.

Reasonably secure? Yes... Don't enter your password unless you know why the system is prompting you for said password. Don't install dodgy software. If you really want to be secure, stick to the stuff in the default repositories. It's not 100% secure and crap can happen, but there are more eyes on it. If you want to be even more secure, have an isolated system that you can use to test software and updates.

None of us are going to do any of that - but we can start using jails.

I do not do so, but I understand security. Instead, I treat my device as though it's already compromised. I still do most of my banking in person. I do have bank accounts that I can use online and those are attached to accounts that only have so much money in them. My credit union lets me generate single-use debit card numbers and I can assign any name and address to them that I want. I put money in an account every time it runs low and use that account to draw from.

Additionally, my credit score is locked down. If you are a lender and you want to check my credit, the result you'll get is 'do not issue credit'. If I need credit for anything, I unlock it temporarily. This does ding your credit rating a little bit (in the US) but I'm still way over 800, almost at 850.

So, there's the software component and the 'real life' component. You really might want to consider both if you're aiming at relative security. I'd say, and this is just my opinion, the biggest step is to start by considering your device as being compromised from the start. My computer is probably reasonably secure, but I don't treat it like it is.

I'm sorta sorry for the novella, but this is a subject I've been meaning to write about.

Seriously... If you're into security and using Linux, aside from the firewall, look up 'firejail'.

Also, secure your browser... It's old but still works, consider uMatrix. If that doesn't cut it for you, look up another extension known as NoScript.
 
Now that...^^^^^...directly above is a well written, descriptive article for all Linux users, with sound advice.

@KGIII, Thank you.
 
jailkit might be worth looking into as well.
Code: 
Homepage: https://olivier.sessink.nl/jailkit/
Download-Size: 67 KB
APT-Sources: https://deb.debian.org/debian/ unstable/main arm64 Packages
Description: tools to generate chroot jails easily
 Jailkit is a set of utilities to limit user accounts to specific files using
 chroot() and or specific commands. Setting up a chroot shell, a shell limited
 to some specific command or a daemon inside a chroot jail is a lot easier and
 can be automated using these utilities.
 .
 Jailkit is a specialized tool that is developed with a focus on security. It
 will abort in a secure way if the configuration, the system setup or the
 environment is not 100% secure, and it will send useful log messages that
 explain what is wrong to syslog.
 .
 Jailkit is known to be used in network security appliances from several
 leading IT security firms, Internet servers from several large enterprise
 organizations, Internet servers from Internet service providers, as well as
 many smaller companies and private users that need to secure login in services
 or in daemon processes.
 .
 Currently, Jailkit provide jails for cvs, git, scp sftp, ssh, rsync, procmail,
 openvpn, vnc, etc.
 .
 Jailkit make available the following commands: jk_check, jk_chrootlaunch,
 jk_chrootsh, jk_cp, jk_init, jk_jailuser, jk_list, jk_lsh, jk_socketd,
 jk_uchroot, jk_update.

Some other items of interest:
Apparmor
selinux
salsa.debian.org

debian · debian/master · Yves-Alexis Perez / hardening-runtime · GitLab

Configuration files for hardening a default Debian installation
salsa.debian.org salsa.debian.org

Kernel Self Protection Project - Linux Kernel Security Subsystem

kernsec.org kernsec.org

gitlab.com

Matt Taggart / lockdown · GitLab

lockdown debian package
gitlab.com gitlab.com

PrivSec - A practical approach to Privacy and Security
 
craigevil said:
jailkit might be worth looking into as well.
Click to expand...

Will do. I'm vaguely familiar with it and how it works, but I've never done any testing with it. Proper sandboxing is a great step.

I should do some security-related articles, though some would end up being both long and complicated. I'm probably not going to have the skill and experience to really explain it in an approachable way.
 
Condobloke said:
This article should be of interest to all Linux users...regardless of their experience, or lack of, with Linux


www.techrepublic.com

Malware Targets Browser Variants, Crypto Wallets & Password Managers

The new Meduza Stealer malware targets 19 password managers, 76 crypto wallets and 97 browser variants. Discover more about the malware.
www.techrepublic.com www.techrepublic.com

This article explicitly states:
The malware was developed to target Windows operating systems.
The section re the targeting of specific Browsers is of interest....the list is quite long.
Does the question of Virtual Machines play any part?...ie can the malware cross from the VM (windows) to the host (Linux) and make a mess of the browser in use there ?
If not....why not ?

Does running an OS inside a VM on that same OS provide security? | TechRepublic

Does running you OS within a virtual machine inside that OS provide any extra security? Does it insulate the host OS and hardware from an attack? Does it
www.techrepublic.com www.techrepublic.com
security.stackexchange.com

How secure are virtual machines really? False sense of security?

I was reading this CompTIA Security+ SYO-201 book, and the author David Prowse claims that: Whichever VM you select, the VM cannot cross the software boundaries set in place. For example, a vi...
security.stackexchange.com security.stackexchange.com
tech.co

The Most Secure OS: What is the Safest OS Available?

We run through the security features, mechanisms, and protocols provided by ChromeOS, Linux, macOS, and Windows, as well as iOS and Android.
tech.co tech.co


In your VM, Windows) what security measures do you have in place to stop things such as Meduza Stealer from thieving your data, browser data,

Do the browsers used in Linux have protection to thwart Meduza.....if it does, what is it, what form does it take, does Linux's inherent security protection, take care of the browsers in use ?
Click to expand...
Well I think it's time to cut out convinience and delete my Keepass browser extention and delete my Browsercache / cookies and logins. According to Brave I already saved up 5.5GB bandwith just by avoiding trackers
 

Attachments

  • Bildschirmfoto vom 2023-07-14 23-33-59.png
    Bildschirmfoto vom 2023-07-14 23-33-59.png
    112.1 KB · Views: 114
Looked through the article and was unpleasantly surprised to find there all the browsers and password managers I used to use on Windows. Luckily left this OS years ago.
 
Dwane Weber said:
Looked through the article and was unpleasantly surprised to find there all the browsers and password managers I used to use on Windows. Luckily left this OS years ago.
Click to expand...

Why are you running around making inane comments on older threads?

Intended or not, that's how bots and spammers act on the forum. If you're one of those, we're pretty speedy at catching you and removing your content.

If you're not one of those, see the first sentence.
 
Dwane Weber said:
I'm just settling in, replying in threads I find interesting. Or is it forbidden?
Click to expand...

No, not really forbidden, but we generally frown on dredging up old threads. It pings people who may or may not be interested in hearing about it all these months/years later. And, I suppose they could just hit the button to stop notifications, but it's still a pain in the butt.

I like to assume the best, but your behavior is that of a spammer.

I'll explain...

See, if you tried to post a URL in any of your early posts you'd have gone into a queue waiting for a moderator to approve that post.

Spammers know this and will write a bunch of small posts, effortless stuff, and then wait - or sometimes not even wait - before they start spamming, often going back to their original posts to add a URL.

So, you can see why it'd attract my attention.

I'll assume you're harmless.
 
Dwane Weber said:
Does it make those threads worse or irrelevant? I apologize if I offended you. I didn't realize I couldn't reply in threads.
Click to expand...

Nah, you look like a real human. Bots and spammers don't usually respond.

Just be mindful that there are people who won't want to be pinged unless it adds something significant to the older threads. We have plenty of newer stuff, of course.
 
You must log in or register to reply here.

Members online

Total: 856 (members: 4, guests: 852)

Latest posts

Top