Bonum Certa Men Certa

WSL Windows Malware Steals Browser Cookies, Deploys Remote Access Trojan

Guest post by Ryan, reprinted with permission from the original

WSL Windows malware steals browser cookies, deploys Remote Access Trojan.



Microsoft has spent a lot of time and money trying to Embrace, Extend, and Exterminate GNU/Linux. First, they decried it a cancer and Communism.



Then they released seed money for a failing company called SCO to raise all kinds of hell with vexatious litigation, which was the subject of an entire blog following the incident for many years, called Groklaw.



Then they realized that the reason professionals don’t like Windows is that it’s not very technically sound and isn’t powerful enough to actually use for many important tasks.



In fact, even more than a decade ago when I was making my own custom Linux kernels to use on top of Ubuntu, the default number of processors supported by their kernel was 512, and in Windows today, although it supports more than 64 processors today, it becomes such a scheduling disaster, that if you need to run such a system, you probably don’t want to use Windows.



I pared down the Linux kernel because I was just using it on my quad core PC and backporting some graphics code and stuff.



The fundamental reasoning behind the Windows Subsystem for Linux is deeply flawed and shows that Microsoft fundamentally misunderstands the problem that they claim it solves, and maybe they’ve just lost their marbles and don’t realize what decade this is and that they can’t keep trotting out the obsolete Windows battlewagon that’s had its day and isn’t looking so good.



They’ve even lost Paul Thurrott, whose sole income appears to be praising Microsoft on his blog. He’s been writing articles on everything from bashing how pushy their browser Edge is to pointing out what a dog their developer kit for their latest half-assed ARM transition is.



Seriously, they’re trying this again, and it’s barely powerful enough to overcome Windows and run at all (you can look at what people are saying about it running slowly all over the place….too many to list here), so I suppose you can basically forget about x86 software. Some splogs promise Windows on ARM will be “different this time”, but Microsoft seems to be screwing it up the exact same way Windows RT went.



Nobody wanted them because they were wimpy on the specs and didn’t have a strong showing of compatible software.



But back to WSL. Why would anyone use it?



Well, Microsoft’s original botched attempt (retconned as WSL1) was essentially to pay some clowns they have to write a crappy Microsoft approximation of a Linux kernel without really understanding how the Linux kernel worked, and that went as well as it sounds.



So they started over and redid “WSL2” as a real Linux kernel (and a very old one, at that) running on their Hyper-V system. And so it’s basically a virtual machine with integration into the host.



The upsides are that it performs a bit better (but nowhere near as well as GNU/Linux operating systems running natively on the hardware in question) and is more compatible.



The downside is, well, when you implement a “Linux” VM on top of Windows, you don’t give Windows the strengths of “Linux”.



You make a “Linux” system that has the failings of Windows. Namely, that Windows has lousy performance on just about any computer and is absolutely overflowing with malware.



Microsoft is also taking the opportunity to “extend” “Linux” so that applications can use Windows-only technologies that are NOT Linux-compatible.



In this way, it’s basically a rehash of the Microsoft “Java” VM, where they gutted it of all of the cross-platform JAVA stuff and shoved in things that only worked on Windows. But they’ve sharpened their knives a little and they’re doing it in a way where people will not sue them this time.



Whether they comply with the software licenses or not is, at this point, irrelevant, in many cases, because they’ve bought off the foundations that manage major open source infrastructure (and in some cases, rather cheaply. Less than $50,000 got them the Raspberry Pi Foundation cramming Microsoft programs into your Pi…..).



You can’t kill the devil while he’s the one that’s paying the bills.



Microsoft knows this.



So WSL and Influence Peddling are just Phase III of their attack on open source software. This time they say they’re going to “kill us with kindness”. But the emphasis should be on the killing part. Broadly, I group their previous two attempts as trying to pretend it doesn’t exist with the occasional bucket ‘o FUD (Phase I) and then seeding SCO’s meritless lawsuits with a $20 million bailout to a bankrupt company for a “Unixware” license they almost certainly didn’t use anywhere. (Phase II)



Although WSL is a massive new liability for Windows users, as all of these WSL viruses are coming around, Microsoft is trying to “make hay while the sun is shining” from the fact that they’ve added attack surface to their own OS and created a new security nightmare for their own customers, by painting WSL malware as “Linux” and “open source”.



I’ve been using GNU/Linux regularly since Vista came out and chased me away from Windows, but longer than that, and I’ve always felt creeped out when I was running Windows, mainly because there’s so much malware, and not much security other than lip service and theater, and the fact that “SmartScreen” and “Defender”, and “Telemetry” are built-in malware and keyloggers, but I have not felt creeped out when I was running GNU/Linux.



Most of the security problems facing Windows users simply do not affect GNU/Linux unless the user goes through some great effort to install malware through some actions that are both unwise and cautioned against, and as for the “you wake up and it’s just there and all your files are encrypted” issues with Windows, which keep occurring, that also tends not to happen to GNU/Linux for a multitude of reasons.



I’d imagine the fact that there’s 10 times less code in a fully functional GNU/Linux OS, which even comes complete with a freaking office suite that isn’t some idiotic trialware has something to do with that, but it’s also that it’s well documented that open source software has less bugs in general and patches roll out to the users for the critical stuff a lot faster too, and the official package managers check to see that the software you want isn’t tampered with or corrupt, before they install it.



And with Windows, a lot of people go and brick the update system (on purpose) because they never know what broken updates are coming down the pipe, or if their computer will even reboot when it gets done installing them. It happens so often that every month there’s articles about Microsoft pulling back broken updates, in addition to the usual security mess.



Why would anyone trust this company to do something like WSL?



In closing, I’d like to thank Bleeping Computer for calling out Windows and WSL in this. It’s something that just doesn’t happen that often because Microsoft pays “journalists” good money to not have their products and their company associated with the problems they create.



The particular RAT malware that this article talks about displays a pop-up eventually, in Turkish, on the Windows desktop, which translates to “you’re screwed and there’s not much you can do.”.



Well, I hope you have backups.



You can recover from them while you’re installing a different operating system. And then it shouldn’t happen again.



You can do something about this malware today.



You can switch to a robust operating system that is hardened against these kinds of attacks.



But none of those operating systems are from Microsoft.



Windows on ARM is some sort of pipe dream that someone at Microsoft keeps having.



“Wouldn’t it be nice if we could start over on hardware that’s not a complete disaster and get good power efficiency, and not be tied down by this legacy crap?”.



Nice for them maybe, but once you detach Windows from legacy software, there’s no longer any point in running it, and Intel is an inseparable part of that legacy.



The problem for Microsoft is that users are voting with their feet and leaving in droves. Everyone from Statcounter to Pornhub can tell you that.



Calling Windows the future of operating systems is like calling Sears the future of retail.



Recent Techrights' Posts

Apple is the Company of Dictators and Worse
Apple is just another greedy corporation in search of sweatshops and even pedophiles (especially the high-profile ones)
Counting Unhatched Eggs Is Not Counting Chickens
Everything here will persist as normal
The "Infinite Bread"
The biblical story of Jesus feeding the 5,000 has software parallels
In Many Cases and in Many Different Ways, Technology Became Less Durable and Less Reliable Over Time
The "modern" things are more complex. And complexity is a foe or reliability and repair-ability.
Microsoft's LinkedIn is Losing Money, Traffic, and Hope; Now It Wants to Sell Its Users' Lifeblood (and Data)
Let this be a reminder of what social control media really is about
Microsoft Lunduke: Freedom of Speech Means Spreading What I Have to Say and Banning People I Disagree With
4Chan is one he aims for and he is siccing 4Chan trolls at people he doesn't like
Richard Stallman Back at the "Rudolf-Diesel" Hörsal "MW 2001" in About 40 Hours
He spoke there before; there's a very high seating capacity there
 
Links 20/10/2025: Louvre Museum Reveals Weakness, About 7 Million Protest US Turning Into Oligarchy/Monarchy
Links for the day
They Should Have Listened to Techrights Over a Month Earlier (Xubuntu Site Compromised)
we reported this issue about 40 days earlier and nobody did anything about it
Richard Stallman to Give Another Talk Today in Bavaria (Bavarian Academy of Science)
Tomorrow at 6 PM he speaks in Munich
Barry Kauler Explains That Puppy Linux and EasyOS Exclude Systemd to Keep Things Simple
Barry Kauler's Puppy Linux is in the community's hands. He now focuses on EasyOS and more.
Half a Year After Brian Fagioli Got Kicked Out of BetaNews for Slop He's Still Doing LLM Slop and Slop Images Targeting 'Linux' (Plagiarising Original Works)
If the Web gets polluted or flooded by slopfarms such as these, and Slashdot then sends traffic so these slopfarms (Slashdot probably doesn't do this intentionally), then real writers with real knowledge of GNU/Linux will lose the spark for publishing
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, October 19, 2025
IRC logs for Sunday, October 19, 2025
Campaign of FUD Against Framework Laptops and GNU/Linux (Using Microsoft's Attack on Linux, 'Secure Boot')
Ritual Defamation Cult has turned its attention over to Framework
Liberation From 'The Feed'
They rank things based on the editor's choice/ideology (he or she knows the sponsors, hence the masters)
Microsoft's Killing of Vista 10 Seems to Have Resulted in More Articles About GNU/Linux (But Also FUD)
We not only saw a rise in traffic, we also saw a remarkable rise in the number of articles
Today (a Day Before Richard Stallman Talk at TUM) There's a Patent Propaganda Event at TUM
Perhaps an opportunity for Dr. Stallman to rebut this "invention to patent" nonsense/fantasy (conflating monopolies with innovation)
OpenSource or "Open Source" as a Brand is Dying, Let's Get Back to Talking About Software Freedom
Those of us who actually want to reform the industry and put users in control of their systems/devices will recognise that "Open Source" was selling a lie or got-co-opted by liars
19 Years in Numbers: Techrights' Anniversary Countdown and Retrospective
In 2019 we began improving our workflows and, accordingly/predictably, we became a lot more productive
Slop Turns People Off (LLMs Lack Intelligence, They're Just Plagiarism Powerhouses That Fail to Deliver Any Real, Measurable Value)
"More" (or "MOAR") isn't always better
IBM Red Hat Has Re-calibrated or Adjusted to Bubble Economics, False Promises, and Slop/Plagiarism
This won't end well
Fake Numbers, Fake Claims, Fake Economy, and Media Grifters That Prop Up Fraud
Grifters like The Register MS won't be looked upon kindly after the bubble implodes
For Some, the GNU Web Site is Not Accessible This Week
They seem to have gone into some kind of lock-down mode
Symptoms of Upcoming Microsoft Layoffs in XBox
A crashing franchise
Psychiatrist confession: Germanwings crash & Debian toxic culture recognized before suicides
Reprinted with permission from Daniel Pocock
Gemini Links 19/10/2025: Scentjacking 101, Slop Hype Boosters, and Steam Next Fest
Links for the day
Slopwatch: The Serial Slopper, LinuxSecurity, and Google News
Let's hope slopfarms die as soon as possible
Links 19/10/2025: Cambodia Scam Centres, Slop Hurting Wikipedia Traffic
Links for the day
As Economies Crumble Free as in Beer Will Matter, Not Just Free as in Freedom/Libre (Libertad)
French regions choosing to embrace Software Freedom
25 Years Ago, an Explanation of How Reducing Free Software to 'Apps' Would Interfere With Freedom Goals
there's nothing unreasonable about it
A List of 63 Known Gemini Clients (Software to Browse Geminispace Content With Gemini Protocol)
Not counting browser plugins for Web browsers
Gemini Links 19/10/2025: "Firma Odin Is Transforming" and Bot Attacks While "AFK"
Links for the day
US Government: 6.1% of Site Visitors Use GNU/Linux
GNU/Linux has a considerable share and it is growing
LLM Slop Could Not Rise to Prominence Without Media Complicity and Artificial Hype
Inane garbage disguised as "journalism"
Why the FSF No Longer Recommends Debian, as Explained by Richard Stallman This Month
some weeks ago
All the Latest Half Dozen Articles by Mehedi Hasan (UbuntuPIT) Only Admit at the End That He's Using LLM Slop
Disclosure is OK, but the practice of using slop is not
The 'Modern' Web of Fake Security and Easy Censorship of Whole Domains
Each year it gets worse
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, October 18, 2025
IRC logs for Saturday, October 18, 2025
The Term "AI" is Not New and What Today's Media Calls "AI" Isn't Even AI
Only the hype was new... and totally artificial
Gemini Links 18/10/2025: "Planetary Rings", Steam, and PSU Replacement
Links for the day
Defeating LLM Abuse (State-of-the-Art Plagiarism) in the Area of Linux and GNU, Free Software, BSD, Security and So On
The aim is to get them to stop using LLMs to rip off other people's work
Links 18/10/2025: Russell Vought in Charge, US Government Leans to Russia Again
Links for the day
Credit Where It's Due: LinuxConfig.org Quit Doing LLM Slop, Back to Original and Real Articles
We waited for a while to say this, now it seems conclusive
Of Note: UbuntuPIT Aware of Critics of Slop, Adds Disclosure of Use of LLMs
We appreciate the honesty
Links 18/10/2025: Madagascar's President Flees and ICE Arrests Protest Comedian Robby Roadsteamer
Links for the day
Richard Stallman Near the European Patent Office (EPO) in 3 Days From Now
It'll be a good opportunity for patent examiners to listen, ask questions, and maybe greet him in person
From Scholar to Booster of Slop (and Even Slop in His Own Blog)
We're going to keep an eye on future posts of his
End of Vista 10 Also Good News for the BSDs
There are many news sites that recommend trying GNU/Linux this month
What's Wrong With Liking Parrots or Birds as Pets?
They'd demonise people for speaking about freedom, no matter what they say or do
Digital Sanitation Good Practices
leave behind Microsoftism
10 Days Ago Richard Stallman Gave a Long Interview in French (linuxfr.org)
English translation
Science, Not Fast Food/Junk Food
The commercial exploitation of users won't stop until users exercise full control over their software or - more broadly - their computing (including data)
The Free Software Foundation, Which Has Appointed a 43-Year-Old President, is Looking to Add Another Board Member (or Treasurer)
expect the FSF to add more people
Richard Stallman Confirms Next Week's Talk at Technical University of Munich, We Urge EPO Staff to Attend
That's probably late enough for EPO staff to attend after work
Gemini Links 18/10/2025: Notifications and Geminaut
Links for the day
Many Red Hat People Are Leaving, But It'll Be Framed Publicly as Leaving IBM
Similarly, IBM layoffs (or "RAs" as they're called) include Red Hat layoffs
Expect More Waves of Microsoft Layoffs This Month (at Least Two Rounds Confirmed Already)
From what we can gather, assuming the recent rumours about XBox are true, there will be at least 3 waves of Microsoft layoffs this month alone
Security Issues in Cisco and Jenkins Passed Off as "Linux" Problems
Fear, Uncertainty, Doubt (FUD) tactics
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, October 17, 2025
IRC logs for Friday, October 17, 2025