Bonum Certa Men Certa

WSL Windows Malware Steals Browser Cookies, Deploys Remote Access Trojan

Guest post by Ryan, reprinted with permission from the original

WSL Windows malware steals browser cookies, deploys Remote Access Trojan.



Microsoft has spent a lot of time and money trying to Embrace, Extend, and Exterminate GNU/Linux. First, they decried it a cancer and Communism.



Then they released seed money for a failing company called SCO to raise all kinds of hell with vexatious litigation, which was the subject of an entire blog following the incident for many years, called Groklaw.



Then they realized that the reason professionals don’t like Windows is that it’s not very technically sound and isn’t powerful enough to actually use for many important tasks.



In fact, even more than a decade ago when I was making my own custom Linux kernels to use on top of Ubuntu, the default number of processors supported by their kernel was 512, and in Windows today, although it supports more than 64 processors today, it becomes such a scheduling disaster, that if you need to run such a system, you probably don’t want to use Windows.



I pared down the Linux kernel because I was just using it on my quad core PC and backporting some graphics code and stuff.



The fundamental reasoning behind the Windows Subsystem for Linux is deeply flawed and shows that Microsoft fundamentally misunderstands the problem that they claim it solves, and maybe they’ve just lost their marbles and don’t realize what decade this is and that they can’t keep trotting out the obsolete Windows battlewagon that’s had its day and isn’t looking so good.



They’ve even lost Paul Thurrott, whose sole income appears to be praising Microsoft on his blog. He’s been writing articles on everything from bashing how pushy their browser Edge is to pointing out what a dog their developer kit for their latest half-assed ARM transition is.



Seriously, they’re trying this again, and it’s barely powerful enough to overcome Windows and run at all (you can look at what people are saying about it running slowly all over the place….too many to list here), so I suppose you can basically forget about x86 software. Some splogs promise Windows on ARM will be “different this time”, but Microsoft seems to be screwing it up the exact same way Windows RT went.



Nobody wanted them because they were wimpy on the specs and didn’t have a strong showing of compatible software.



But back to WSL. Why would anyone use it?



Well, Microsoft’s original botched attempt (retconned as WSL1) was essentially to pay some clowns they have to write a crappy Microsoft approximation of a Linux kernel without really understanding how the Linux kernel worked, and that went as well as it sounds.



So they started over and redid “WSL2” as a real Linux kernel (and a very old one, at that) running on their Hyper-V system. And so it’s basically a virtual machine with integration into the host.



The upsides are that it performs a bit better (but nowhere near as well as GNU/Linux operating systems running natively on the hardware in question) and is more compatible.



The downside is, well, when you implement a “Linux” VM on top of Windows, you don’t give Windows the strengths of “Linux”.



You make a “Linux” system that has the failings of Windows. Namely, that Windows has lousy performance on just about any computer and is absolutely overflowing with malware.



Microsoft is also taking the opportunity to “extend” “Linux” so that applications can use Windows-only technologies that are NOT Linux-compatible.



In this way, it’s basically a rehash of the Microsoft “Java” VM, where they gutted it of all of the cross-platform JAVA stuff and shoved in things that only worked on Windows. But they’ve sharpened their knives a little and they’re doing it in a way where people will not sue them this time.



Whether they comply with the software licenses or not is, at this point, irrelevant, in many cases, because they’ve bought off the foundations that manage major open source infrastructure (and in some cases, rather cheaply. Less than $50,000 got them the Raspberry Pi Foundation cramming Microsoft programs into your Pi…..).



You can’t kill the devil while he’s the one that’s paying the bills.



Microsoft knows this.



So WSL and Influence Peddling are just Phase III of their attack on open source software. This time they say they’re going to “kill us with kindness”. But the emphasis should be on the killing part. Broadly, I group their previous two attempts as trying to pretend it doesn’t exist with the occasional bucket ‘o FUD (Phase I) and then seeding SCO’s meritless lawsuits with a $20 million bailout to a bankrupt company for a “Unixware” license they almost certainly didn’t use anywhere. (Phase II)



Although WSL is a massive new liability for Windows users, as all of these WSL viruses are coming around, Microsoft is trying to “make hay while the sun is shining” from the fact that they’ve added attack surface to their own OS and created a new security nightmare for their own customers, by painting WSL malware as “Linux” and “open source”.



I’ve been using GNU/Linux regularly since Vista came out and chased me away from Windows, but longer than that, and I’ve always felt creeped out when I was running Windows, mainly because there’s so much malware, and not much security other than lip service and theater, and the fact that “SmartScreen” and “Defender”, and “Telemetry” are built-in malware and keyloggers, but I have not felt creeped out when I was running GNU/Linux.



Most of the security problems facing Windows users simply do not affect GNU/Linux unless the user goes through some great effort to install malware through some actions that are both unwise and cautioned against, and as for the “you wake up and it’s just there and all your files are encrypted” issues with Windows, which keep occurring, that also tends not to happen to GNU/Linux for a multitude of reasons.



I’d imagine the fact that there’s 10 times less code in a fully functional GNU/Linux OS, which even comes complete with a freaking office suite that isn’t some idiotic trialware has something to do with that, but it’s also that it’s well documented that open source software has less bugs in general and patches roll out to the users for the critical stuff a lot faster too, and the official package managers check to see that the software you want isn’t tampered with or corrupt, before they install it.



And with Windows, a lot of people go and brick the update system (on purpose) because they never know what broken updates are coming down the pipe, or if their computer will even reboot when it gets done installing them. It happens so often that every month there’s articles about Microsoft pulling back broken updates, in addition to the usual security mess.



Why would anyone trust this company to do something like WSL?



In closing, I’d like to thank Bleeping Computer for calling out Windows and WSL in this. It’s something that just doesn’t happen that often because Microsoft pays “journalists” good money to not have their products and their company associated with the problems they create.



The particular RAT malware that this article talks about displays a pop-up eventually, in Turkish, on the Windows desktop, which translates to “you’re screwed and there’s not much you can do.”.



Well, I hope you have backups.



You can recover from them while you’re installing a different operating system. And then it shouldn’t happen again.



You can do something about this malware today.



You can switch to a robust operating system that is hardened against these kinds of attacks.



But none of those operating systems are from Microsoft.



Windows on ARM is some sort of pipe dream that someone at Microsoft keeps having.



“Wouldn’t it be nice if we could start over on hardware that’s not a complete disaster and get good power efficiency, and not be tied down by this legacy crap?”.



Nice for them maybe, but once you detach Windows from legacy software, there’s no longer any point in running it, and Intel is an inseparable part of that legacy.



The problem for Microsoft is that users are voting with their feet and leaving in droves. Everyone from Statcounter to Pornhub can tell you that.



Calling Windows the future of operating systems is like calling Sears the future of retail.



Recent Techrights' Posts

Links 25/06/2025: Elon Musk’s Lawyers Caught Lying, WhatsApp Faces More Bans
Links for the day
Wayland Pushers Lose the Argument, Use LLM Slop and Chatbots to Make Up Arguments for IBM
Another new low and low blow
What is "MATA"?
Think of it as GAFAM or "Meta"
WebProNews is a Slopfarm
Please avoid linking to WebProNews
Another "Told You So!": XBox Mass Layoffs at Microsoft (Many Recent Reports Were Chaff and Spin), Many Other Divisions Affected
With mass layoffs at Microsoft the world would be much better
 
Austrian GNU/Linux Usage Up to About 5% as More of Europe Abandons Microsoft
Since inauguration day the Austrian people have adopted more and more of GNU/Linux
Why the "Wayland People" and "Rust People" Will Lose Hearts and Minds (Same Reasons)
Wayland pushers are fast becoming like "Rust People"
5,600 Pages/Articles Per Year
So far this year we've kept all the promises
BetaNews Beginning to Show What Its True Goals Are
The 'new' BetaNews won't be about journalism. It's trying to sell things.
Microsoft Has Lost "The War"
We'll soon see the 9th or 10th wave of Microsoft layoffs in 2025 alone
Slopwatch: A Wreck and a Dreck, "Flooding the Zone With Dreck" or Flooding the Web With Junk
"Slopwatch" continues today because we have many new examples
Links 25/06/2025: Thwarting More Software Patents, Overlap Grows Between EPO Corruption and Illegal Kangaroo Patent Courts in EU
Links for the day
Brian Fagioli Created Another Slopfarm Targeting "Linux" After BetaNews Became a Slopfarm of Phantom Accounts and Pseudonyms
Mr. Fagioli even had slop about a dead Torvalds (hypothetical) as clickbait
Wayland is Perfect, Nobody Can Escape Its Perfection! (Or Not)
Do not form on opinion on Wayland based on politics
Moral Duty for "Linux Sites" to Speak Out Against LLM Slop
My wife has long complained about "Linux bloggers" keeping quiet and thus passive about a growing problem: slop
In Recent Hours Google News Promoted at Least 3 Slopfarms That Relayed Linux Foundation Propaganda Made by Bots or LLM "Bullshit Generators" (as Dr. Stallman Dubbed Them)
Google is circling down the drain and Google News too is hopeless
Linux Journal is a Slopfarm, It's Experimenting With LLM 'Authors'
Is Slashdot next?
Microsoft LinkedIn is Dying and Many More Layoffs Are on the Way
LinkedIn is just a failed acquisition of Microsoft. It causes losses and debt.
Gemini Links 25/06/2025: Combinatorial Music and Self Hosting
Links for the day
Richard Stallman Coming Back to Europe This Autumn to Give More Talks
His last talk in Europe attracted about 400-450 people
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 24, 2025
IRC logs for Tuesday, June 24, 2025
Social Control Media, Technology & Catholicism: Synod on Synodality review and feedback
Reprinted with permission from Daniel Pocock
How Many More Women Will Managers at Microsoft Strangle and Tell to Kill Themselves (or Try to Kill)?
The world needs to know what happened
The New BetaNews: 7 New 'Articles', All of Them LLM Slop
BetaNews is basically defunct. Nobody writes there anymore.
statCounter Estimates Only 1 in 300 Iranians Would Use Microsoft for Search
Iranians don't quite trust Microsoft
Gemini Links 24/06/2025: ftpd on FreeBSD and Online Small Web Magazine
Links for the day
Google News Does Great Harm by Promoting Slopfarms as Legitimate News Sites
Slopfarms are sites which are 100% LLM slop
Links 24/06/2025: Trouble at "Open" "AI" and ‘Siarhei is Free’
Links for the day
Gemini Links 24/06/2025: Stimulants and Subscription Costs for DRM
Links for the day
When the Microsoft Aggressors Rely on Several Law Firms ('Attack Dogs', 'Guns for Hire'), Not Just One, Lawyering Up Against Techrights (Acting on Behalf of Americans Against UK Publishers)
From serving customers at some restaurant he has moved on to bullying people with demand letters
Links 24/06/2025: OpenAI [sic] May Soon Die (Too Much Debt) and Social Control Media Accused of Being Misinformation/Disinformation/Propaganda Amplifier
Links for the day
Nirbheek Chauhan in Planet GNOME Explains Why Wayland Pushers Are Losing
"A strange game. The only winning move is not to play."
Polygamy, from Catholic Synod on Synodality to Social Control Media & Debian CyberPolygamy
Reprinted with permission from Daniel Pocock
Only a Third of or 1 in 3 Web-Connected Devices is a Desktop or Laptop, According to statCounter
we can expect Android to widen its lead
The Days Are Getting Shorter, the First Half of 2025 is Almost Over
We're gratified to see significant increase in traffic and also positive feedback on the work we do
Turning GNU/Linux Into a Political Football
X (not the site) is Free software
X Server Still Works for Many People
A lot of people will grow suspicious of Wayland boosters/pushers if they persist and insist on using these tactics
Exactly a Week Ago "BetaNews Staff" Said "Betanews Is Growing Alongside You". Since Then Every Article (All by "Camila Nogueira") Has Been LLM Slop.
BetaNews is basically a slopfarm
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, June 23, 2025
IRC logs for Monday, June 23, 2025
The "Tarzan Effect" in Compilers and Software
What happens when you forcibly make things 'work', either by hacks or by disregarding warnings (like those that compilers tend to issue)?
Gemini Links 23/06/2025: Mass Tourism, Hair Love, and Google Gemini as a Googlebomb
Links for the day
Law Firm Burgess Mee Does Not Fully Deny Participating in Abusive Litigation for Serial Strangler From Microsoft
I am not unfamiliar with these tactics
The Modus Operandi of Wayland Pushers: Make It Political
do what I say or you're a nazi...
Links 23/06/2025: RFE/RL Contributor Vladyslav Yesypenko Released, Recording Industry Cutbacks
Links for the day
Brett Wilson LLP Solicitors (M): Over 99.9% of Our E-mail is Self-Marketing, We Send You 3.5MB E-mails for Less Than 1KB of Text
Why would tech people entrust legal matters to such people?
Peter Moon's (Computerworld) Interview With Richard Stallman
Stallman: If you want freedom don't follow Linus Torvalds
At What Point Does Outsourcing Constitute Malpractice?
Brett Wilson LLP's new staff page is misleading
United Arab Emirates (UAE) Sailing to GNU/Linux, According to statCounter
countries in that region will quickly learn the price of neglecting digital sovereignty
From Do Your Own Research to Do Your Own Search
The Web is full of garbage; search engines amplify this garbage
More People Moving to Geminispace?
at age 6+ Gemini Protocol seems to have gained some maturity and it seems like more people use it
Permutation in LLMs Does, Inevitably, Change Meanings and Therefore LLMs Cannot Properly Rephrase or Summarise Texts
LLMs lack actual grasp or comprehension of what they spew out
Links 23/06/2025: Many Security Breaches, Population Declines
Links for the day
Gemini Links 23/06/2025: "America at the Crossroads" and OpenWRT Surgery
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 22, 2025
IRC logs for Sunday, June 22, 2025
Pure Dove
Different means different, and sometimes those who "deviate" from "the norm" have a point
Censorship is a Sign of Weakness Which Invites More Censorship Attempts
revolutionaries don't succumb to pressure from bullies
Why It's Unlikely That LLM Slop Will Dominate the Web in the Long Run
Slopfarms will eventually perish (they have no actual value) and "survivors" on the Web will be sites that never depended on search engines and social control media
GNU/Linux in Argentina Now Measured Near 5%
Like in central Europe, they must be seeing an increasingly hostile US
BetaNews is Fake News, Composed by LLM Slop
nothing in BetaNews is written by humans anymore