elf.evilgnome

EvilGnome

Actor(s): Gamaredon Group


According to Infosec Institute, EvilGnome presents itself to unwitting Linux users as a legitimate GNOME extension. Legitimate extensions help to extend Linux functionality, but instead of a healthy boost in system functionality, EvilGnome begins spying on users with an array of functionalities uncommon for most Linux malware types.

References
2021-11-04 · Security Service of Ukraine · Security Service of Ukraine
Gamaredon / Armageddon Group: FSB RF Cyber attacks against Ukraine
EvilGnome, Pteranodon, RMS

2020-06-16 · Intezer · Aviygayil Mechtinger
ELF Malware Analysis 101: Linux Threats No Longer an Afterthought
Cloud Snooper, Dacls, EvilGnome, HiddenWasp, MESSAGETAP, NOTROBIN, QNAPCrypt, Winnti

2019-07-17 · Intezer · Paul Litvak
EvilGnome: Rare Malware Spying on Linux Desktop Users
EvilGnome

There is no Yara-Signature yet.