New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers

Condobloke

This article should be of interest to all Linux users, regardless of their experience, or lack of it, with Linux.



This article explicitly states:
The malware was developed to target Windows operating systems.
The section on the targeting of specific browsers is of interest; the list is quite long.
Does the question of Virtual Machines play any part? I.e., can the malware cross from the VM (Windows) to the host (Linux) and make a mess of the browser in use there?
If not, why not?


In your VM (Windows), what security measures do you have in place to stop things such as Meduza Stealer from thieving your data and browser data?

Do the browsers used in Linux have protection to thwart Meduza? If it does, what is it, what form does it take? Does Linux's inherent security protection take care of the browsers in use?
 


if it does, what is it, what form does it take,

Jails. We Linux users conceptually borrowed this from BSD. Our variant is known as 'firejail'.

You've probably seen me rant about it once or twice, or at least suggest folks look into it.

If you want security, that is above and beyond the normal (and very good) protections Linux offers, the answer is almost invariably jails. Applications run in a jail have no access to the rest of the system. They're run in what is effectively an isolated chunk of memory. So, even if malware can break out of the confines of a browser (which is already running in a fairly constrained section of the memory) then they would still have to break out of the jail.

Not even a rowhammer attack is going to get through that.

Well, not when combined with the other protections we have, such as randomized memory space. If the attackers know the actual address used in memory, it gives them a great advantage. Randomizing memory space (Google "ASLR") is a great start at preventing exploits from knowing where they are in the memory space.

So, they can't just throw an exploit up that knows where it is and reads the memory space from a few addresses over. Combine that with a jail and you're REALLY secure from zero-day exploits. Even without the jail, you're still reasonably secure.

Reasonably secure? Yes... Don't enter your password unless you know why the system is prompting you for said password. Don't install dodgy software. If you really want to be secure, stick to the stuff in the default repositories. It's not 100% secure and crap can happen, but there are more eyes on it. If you want to be even more secure, have an isolated system that you can use to test software and updates.

None of us are going to do any of that - but we can start using jails.

I do not do so, but I understand security. Instead, I treat my device as though it's already compromised. I still do most of my banking in person. I do have bank accounts that I can use online and those are attached to accounts that only have so much money in them. My credit union lets me generate single-use debit card numbers and I can assign any name and address to them that I want. I put money in an account every time it runs low and use that account to draw from.

Additionally, my credit score is locked down. If you are a lender and you want to check my credit, the result you'll get is 'do not issue credit'. If I need credit for anything, I unlock it temporarily. This does ding your credit rating a little bit (in the US) but I'm still way over 800, almost at 850.

So, there's the software component and the 'real life' component. You really might want to consider both if you're aiming at relative security. I'd say, and this is just my opinion, the biggest step is to start by considering your device as being compromised from the start. My computer is probably reasonably secure, but I don't treat it like it is.

I'm sorta sorry for the novella, but this is a subject I've been meaning to write about.

Seriously... If you're into security and using Linux, aside from the firewall, look up 'firejail'.

Also, secure your browser... It's old but still works, consider uMatrix. If that doesn't cut it for you, look up another extension known as NoScript.
 
Now that ^^^^^ directly above is a well-written, descriptive article for all Linux users, with sound advice.

@KGIII, Thank you.
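As an added example (not code from KGIII's post or from the firejail project), the shell snippet below checks the two layers the post describes: the kernel's ASLR setting, and a firejail sandbox around the browser. The firefox.local override it writes uses firejail's own profile directives (blacklist, noexec, the ${HOME} macro); ${HOME}/Passwords as the location of a KeePass database is an assumption for illustration, and the snippet only writes to the directory you pass in.

```shell
#!/bin/sh
# Added example, not code from the thread or the firejail project.
# Two layers KGIII describes: kernel ASLR, and a firejail sandbox around the browser.

# Map the value of /proc/sys/kernel/randomize_va_space to words.
describe_aslr() {
  case "$1" in
    0) echo "ASLR: disabled" ;;
    1) echo "ASLR: partial (stack, mmap, vdso randomised; brk is not)" ;;
    2) echo "ASLR: full (stack, mmap, vdso and brk randomised)" ;;
    *) echo "ASLR: unknown setting '$1'"; return 1 ;;
  esac
}

# Read the live kernel setting, if this is Linux with /proc mounted.
aslr_status() {
  f=/proc/sys/kernel/randomize_va_space
  if [ -r "$f" ]; then
    describe_aslr "$(cat "$f")"
  else
    echo "ASLR: cannot read $f (not Linux, or /proc not mounted)"
  fi
}

# Show randomisation in action: the stack of a freshly exec'd process lands at
# a different address each time. `sh -c` execs a new grep, so the /proc/self
# it reads belongs to that new process, not to this script.
stack_of_new_process() {
  sh -c 'grep "\[stack\]" /proc/self/maps 2>/dev/null | cut -d- -f1'
}

# Write a firejail override for Firefox into directory $1. Firejail reads
# firefox.local after its stock firefox.profile, so these lines add to the
# defaults rather than replacing them. ${HOME}/Passwords is an assumed
# location for a KeePass database.
write_browser_local() {
  mkdir -p "$1"
  cat > "$1/firefox.local" <<'EOF'
# Deny the browser the files a stealer goes after, even if the browser itself is owned.
blacklist ${HOME}/Passwords
blacklist ${HOME}/.ssh
blacklist ${HOME}/.gnupg
# Nothing under $HOME may be executed: a dropped payload cannot run from there.
noexec ${HOME}
EOF
}

# Launch a browser with a throwaway home directory; nothing persists after exit.
run_jailed() {
  firejail --private "$@"
}

# Which processes are currently sandboxed?
list_jails() {
  if command -v firejail >/dev/null 2>&1; then firejail --list; else echo "firejail not installed"; fi
}

if [ "${1:-}" = "demo" ]; then
  aslr_status
  echo "stack of process 1: $(stack_of_new_process)"
  echo "stack of process 2: $(stack_of_new_process)"
  write_browser_local "${XDG_CONFIG_HOME:-$HOME/.config}/firejail"
  list_jails
fi
```

Run it as `sh aslr_jail_check.sh demo`; the two stack addresses should differ whenever describe_aslr reports anything other than "disabled". Afterwards `firejail firefox` picks up the override automatically, and `run_jailed firefox` goes one step further by giving the browser an empty, temporary home.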
 
jailkit might be worth looking into as well.
Code:
Homepage: https://olivier.sessink.nl/jailkit/
Download-Size: 67 KB
APT-Sources: https://deb.debian.org/debian/ unstable/main arm64 Packages
Description: tools to generate chroot jails easily
 Jailkit is a set of utilities to limit user accounts to specific files using
 chroot() and or specific commands. Setting up a chroot shell, a shell limited
 to some specific command or a daemon inside a chroot jail is a lot easier and
 can be automated using these utilities.
 .
 Jailkit is a specialized tool that is developed with a focus on security. It
 will abort in a secure way if the configuration, the system setup or the
 environment is not 100% secure, and it will send useful log messages that
 explain what is wrong to syslog.
 .
 Jailkit is known to be used in network security appliances from several
 leading IT security firms, Internet servers from several large enterprise
 organizations, Internet servers from Internet service providers, as well as
 many smaller companies and private users that need to secure login in services
 or in daemon processes.
 .
 Currently, Jailkit provide jails for cvs, git, scp sftp, ssh, rsync, procmail,
 openvpn, vnc, etc.
 .
 Jailkit make available the following commands: jk_check, jk_chrootlaunch,
 jk_chrootsh, jk_cp, jk_init, jk_jailuser, jk_list, jk_lsh, jk_socketd,
 jk_uchroot, jk_update.

Some other items of interest:
Apparmor
selinux



PrivSec - A practical approach to Privacy and Security
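As an added example, not part of the post above and not jailkit's own code: a plain shell stand-in for the kind of sanity check jk_check performs on a chroot directory. It flags two classic ways a chroot is weakened: setuid/setgid binaries copied into the jail, and world-writable directories inside it that lack the sticky bit. The jail path is whatever you pass in; the tree built by make_demo_jail is constructed for demonstration.

```shell
#!/bin/sh
# Added example, not from the thread or from jailkit. A rough stand-in for the
# sanity check jk_check does on a chroot tree.

# Print one line per risky object inside the jail root $1:
#   setuid/setgid binaries (a local root exploit waiting inside the jail), and
#   world-writable directories without the sticky bit (a jailed user could
#   plant files such as etc/passwd or a library that a daemon later loads).
check_jail() {
  jail=$1
  [ -d "$jail" ] || { echo "no such jail root: $jail" >&2; return 2; }
  find "$jail" -type f \( -perm -4000 -o -perm -2000 \) |
    while IFS= read -r f; do echo "setuid/setgid: $f"; done
  find "$jail" -type d -perm -0002 ! -perm -1000 |
    while IFS= read -r d; do echo "world-writable dir: $d"; done
}

# Succeed only if check_jail found nothing.
jail_is_clean() {
  [ -z "$(check_jail "$1")" ]
}

# Build a small constructed jail tree containing both mistakes.
make_demo_jail() {
  j=$(mktemp -d)
  mkdir -p "$j/bin" "$j/tmp" "$j/var/run"
  : > "$j/bin/ping"
  chmod 4755 "$j/bin/ping"      # setuid binary copied in from the host: flagged
  chmod 1777 "$j/tmp"           # world-writable but sticky: acceptable, not flagged
  chmod 0777 "$j/var/run"       # writable by anyone, no sticky bit: flagged
  echo "$j"
}

if [ "${1:-}" = "demo" ]; then
  j=$(make_demo_jail)
  check_jail "$j"
  if jail_is_clean "$j"; then echo "clean"; else echo "NOT clean"; fi
  rm -rf "$j"
fi
```

Run `sh check_jail.sh demo` to see the two findings on the constructed tree, or `check_jail /path/to/jail` against a real one; jk_check additionally verifies ownership of the jail root and compares copied files against the host, which this stand-in does not.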
 
jailkit might be worth looking into as well.

Will do. I'm vaguely familiar with it and how it works, but I've never done any testing with it. Proper sandboxing is a great step.

I should do some security-related articles, though some would end up being both long and complicated. I'm probably not going to have the skill and experience to really explain it in an approachable way.
 
Well, I think it's time to cut out convenience and delete my KeePass browser extension, and delete my browser cache, cookies and logins. According to Brave, I have already saved 5.5 GB of bandwidth just by avoiding trackers.
 

Attachment: Bildschirmfoto vom 2023-07-14 23-33-59.png (112.1 KB)
Looked through the article and was unpleasantly surprised to find there all the browsers and password managers I used to use on Windows. Luckily left this OS years ago.
 
Looked through the article and was unpleasantly surprised to find there all the browsers and password managers I used to use on Windows. Luckily left this OS years ago.

Why are you running around making inane comments on older threads?

Intended or not, that's how bots and spammers act on the forum. If you're one of those, we're pretty speedy at catching you and removing your content.

If you're not one of those, see the first sentence.
 
I'm just settling in, replying in threads I find interesting. Or is it forbidden?

No, not really forbidden, but we generally frown on dredging up old threads. It pings people who may or may not be interested in hearing about it all these months/years later. And, I suppose they could just hit the button to stop notifications, but it's still a pain in the butt.

I like to assume the best, but your behavior is that of a spammer.

I'll explain...

See, if you tried to post a URL in any of your early posts you'd have gone into a queue waiting for a moderator to approve that post.

Spammers know this and will write a bunch of small posts, effortless stuff, and then wait - or sometimes not even wait - before they start spamming, often going back to their original posts to add a URL.

So, you can see why it'd attract my attention.

I'll assume you're harmless.
 
Does it make those threads worse or irrelevant? I apologize if I offended you. I didn't realize I couldn't reply in threads.

Nah, you look like a real human. Bots and spammers don't usually respond.

Just be mindful that there are people who won't want to be pinged unless it adds something significant to the older threads. We have plenty of newer stuff, of course.
 
