elf.evilgnome

EvilGnome

Actor(s): Gamaredon Group


According to Infosec Institute, EvilGnome presents itself to unwitting Linux users as a legitimate GNOME extension. Legitimate extensions help to extend Linux functionality, but instead of a healthy boost in system functionality, EvilGnome begins spying on users with an array of functionalities uncommon for most Linux malware types.

References
2021-11-04 | Security Service of Ukraine | Security Service of Ukraine
Gamaredon / Armageddon Group: FSB RF Cyber attacks against Ukraine
https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf
EvilGnome Pteranodon RMS

2020-06-16 | Intezer | Aviygayil Mechtinger
ELF Malware Analysis 101: Linux Threats No Longer an Afterthought
https://intezer.com/blog/linux/elf-malware-analysis-101-linux-threats-no-longer-an-afterthought
Cloud Snooper Dacls EvilGnome HiddenWasp MESSAGETAP NOTROBIN QNAPCrypt Winnti

2019-07-17 | Intezer | Paul Litvak
EvilGnome: Rare Malware Spying on Linux Desktop Users
https://www.intezer.com/blog-evilgnome-rare-malware-spying-on-linux-desktop-users/
EvilGnome

There is no Yara-Signature yet.