Microsoft surprised the technology world last year when it announced that users will be able to run native Linux applications in Windows 10 without virtualization. While this feature is meant to help developers, researchers believe it could be abused by attackers to hide malware from security products.
Researchers from security firm Check Point Software Technologies developed a technique that uses Bash, the Linux command-line interface—or shell—that’s now available in Windows, to make known malware undetectable. They named the result Bashware.
The Windows 10 feature, called the Windows Subsystem for Linux (WSL), tricks Linux applications into believing they’re communicating with the Linux kernel—the core part of the operating system that includes hardware drivers and essential services. In reality, those applications communicate with the WSL, which translates their system calls into equivalents for the Windows kernel.
WSL was first announced in March 2016 and was added as a beta feature in the Windows 10 Anniversary Update, which was released in August 2016. Microsoft announced that it will become a fully supported feature in the upcoming Fall Creators Update.
Submitted by: Arnfried Walbrecht