Bonum Certa Men Certa

WSL Windows Malware Steals Browser Cookies, Deploys Remote Access Trojan

Guest post by Ryan, reprinted with permission from the original

WSL Windows malware steals browser cookies, deploys Remote Access Trojan.



Microsoft has spent a lot of time and money trying to Embrace, Extend, and Exterminate GNU/Linux. First, they decried it a cancer and Communism.



Then they released seed money for a failing company called SCO to raise all kinds of hell with vexatious litigation, which was the subject of an entire blog following the incident for many years, called Groklaw.



Then they realized that the reason professionals don’t like Windows is that it’s not very technically sound and isn’t powerful enough to actually use for many important tasks.



In fact, even more than a decade ago when I was making my own custom Linux kernels to use on top of Ubuntu, the default number of processors supported by their kernel was 512, and in Windows today, although it supports more than 64 processors today, it becomes such a scheduling disaster, that if you need to run such a system, you probably don’t want to use Windows.



I pared down the Linux kernel because I was just using it on my quad core PC and backporting some graphics code and stuff.



The fundamental reasoning behind the Windows Subsystem for Linux is deeply flawed and shows that Microsoft fundamentally misunderstands the problem that they claim it solves, and maybe they’ve just lost their marbles and don’t realize what decade this is and that they can’t keep trotting out the obsolete Windows battlewagon that’s had its day and isn’t looking so good.



They’ve even lost Paul Thurrott, whose sole income appears to be praising Microsoft on his blog. He’s been writing articles on everything from bashing how pushy their browser Edge is to pointing out what a dog their developer kit for their latest half-assed ARM transition is.



Seriously, they’re trying this again, and it’s barely powerful enough to overcome Windows and run at all (you can look at what people are saying about it running slowly all over the place….too many to list here), so I suppose you can basically forget about x86 software. Some splogs promise Windows on ARM will be “different this time”, but Microsoft seems to be screwing it up the exact same way Windows RT went.



Nobody wanted them because they were wimpy on the specs and didn’t have a strong showing of compatible software.



But back to WSL. Why would anyone use it?



Well, Microsoft’s original botched attempt (retconned as WSL1) was essentially to pay some clowns they have to write a crappy Microsoft approximation of a Linux kernel without really understanding how the Linux kernel worked, and that went as well as it sounds.



So they started over and redid “WSL2” as a real Linux kernel (and a very old one, at that) running on their Hyper-V system. And so it’s basically a virtual machine with integration into the host.



The upsides are that it performs a bit better (but nowhere near as well as GNU/Linux operating systems running natively on the hardware in question) and is more compatible.



The downside is, well, when you implement a “Linux” VM on top of Windows, you don’t give Windows the strengths of “Linux”.



You make a “Linux” system that has the failings of Windows. Namely, that Windows has lousy performance on just about any computer and is absolutely overflowing with malware.



Microsoft is also taking the opportunity to “extend” “Linux” so that applications can use Windows-only technologies that are NOT Linux-compatible.



In this way, it’s basically a rehash of the Microsoft “Java” VM, where they gutted it of all of the cross-platform JAVA stuff and shoved in things that only worked on Windows. But they’ve sharpened their knives a little and they’re doing it in a way where people will not sue them this time.



Whether they comply with the software licenses or not is, at this point, irrelevant, in many cases, because they’ve bought off the foundations that manage major open source infrastructure (and in some cases, rather cheaply. Less than $50,000 got them the Raspberry Pi Foundation cramming Microsoft programs into your Pi…..).



You can’t kill the devil while he’s the one that’s paying the bills.



Microsoft knows this.



So WSL and Influence Peddling are just Phase III of their attack on open source software. This time they say they’re going to “kill us with kindness”. But the emphasis should be on the killing part. Broadly, I group their previous two attempts as trying to pretend it doesn’t exist with the occasional bucket ‘o FUD (Phase I) and then seeding SCO’s meritless lawsuits with a $20 million bailout to a bankrupt company for a “Unixware” license they almost certainly didn’t use anywhere. (Phase II)



Although WSL is a massive new liability for Windows users, as all of these WSL viruses are coming around, Microsoft is trying to “make hay while the sun is shining” from the fact that they’ve added attack surface to their own OS and created a new security nightmare for their own customers, by painting WSL malware as “Linux” and “open source”.



I’ve been using GNU/Linux regularly since Vista came out and chased me away from Windows, but longer than that, and I’ve always felt creeped out when I was running Windows, mainly because there’s so much malware, and not much security other than lip service and theater, and the fact that “SmartScreen” and “Defender”, and “Telemetry” are built-in malware and keyloggers, but I have not felt creeped out when I was running GNU/Linux.



Most of the security problems facing Windows users simply do not affect GNU/Linux unless the user goes through some great effort to install malware through some actions that are both unwise and cautioned against, and as for the “you wake up and it’s just there and all your files are encrypted” issues with Windows, which keep occurring, that also tends not to happen to GNU/Linux for a multitude of reasons.



I’d imagine the fact that there’s 10 times less code in a fully functional GNU/Linux OS, which even comes complete with a freaking office suite that isn’t some idiotic trialware has something to do with that, but it’s also that it’s well documented that open source software has less bugs in general and patches roll out to the users for the critical stuff a lot faster too, and the official package managers check to see that the software you want isn’t tampered with or corrupt, before they install it.



And with Windows, a lot of people go and brick the update system (on purpose) because they never know what broken updates are coming down the pipe, or if their computer will even reboot when it gets done installing them. It happens so often that every month there’s articles about Microsoft pulling back broken updates, in addition to the usual security mess.



Why would anyone trust this company to do something like WSL?



In closing, I’d like to thank Bleeping Computer for calling out Windows and WSL in this. It’s something that just doesn’t happen that often because Microsoft pays “journalists” good money to not have their products and their company associated with the problems they create.



The particular RAT malware that this article talks about displays a pop-up eventually, in Turkish, on the Windows desktop, which translates to “you’re screwed and there’s not much you can do.”.



Well, I hope you have backups.



You can recover from them while you’re installing a different operating system. And then it shouldn’t happen again.



You can do something about this malware today.



You can switch to a robust operating system that is hardened against these kinds of attacks.



But none of those operating systems are from Microsoft.



Windows on ARM is some sort of pipe dream that someone at Microsoft keeps having.



“Wouldn’t it be nice if we could start over on hardware that’s not a complete disaster and get good power efficiency, and not be tied down by this legacy crap?”.



Nice for them maybe, but once you detach Windows from legacy software, there’s no longer any point in running it, and Intel is an inseparable part of that legacy.



The problem for Microsoft is that users are voting with their feet and leaving in droves. Everyone from Statcounter to Pornhub can tell you that.



Calling Windows the future of operating systems is like calling Sears the future of retail.



Recent Techrights' Posts

UEFI 9/11 Aftermath - Part III: Mr. 'Secure Boot' (Shim) and His Fake 'Holiday' (Sending My Wife and I Threatening E-mails on 9/11)
despite being on holiday, according to him, he finds time to instruct lawyers to contact my wife
Ron Wyden: Microsoft Should be Held Accountable for Security Breaches (He Has Said This for Years Already, It Never Happens)
Negative media coverage isn't a fine and it does nothing to compensate Microsoft's billions of victims
Disable 'Secure Boot' (If It Lets You)
it doesn't put you in control
Longtime Red Hat Staff: Maybe Just Disable 'Secure Boot'
A refreshing take from Adam Williamson
A Dozen Observations About "UEFI 9/11" Deflections
What we are expected to see, tentatively
 
Links 12/09/2025: Shira Perlmutter is Back, “Software Per Se” Patent Rejections in In re McFadden
Links for the day
Slopwatch: Linux Plagiarism, Slopfarms Still Infesting Google News, Many Images Are Fake
Google is promoting plagiarism
"This Morning Might Turn Out to be an Interesting One for System Admins Who Haven't Updated Their Devices' Secure Boot Certificate" (If They Reboot)
Who asked for this anyway?
Gemini Links 12/09/2025: Metric System, Dumping Windows, and Software Architecture is Dead
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, September 11, 2025
IRC logs for Thursday, September 11, 2025
Microsoft Admits the Workers Have Lost Trust (Endless Layoffs, 12-13 Rounds of Layoffs This Year), So Now It's Trotting out Its Peter Bright-Like Media Prop Jordan Novet
What they don't want people to pay attention to right now
Links 11/09/2025: Windows TCO and Russian Drones Invading Poland (EU/NATO)
Links for the day
Gemini Links 11/09/2025: xkcd, misfin, and Alhena 5.3.2
Links for the day
Repetition of Last Summer (Microsoft Breaking Dual-Boot Systems)
UEFI 9/11 is about to kick in
UEFI 'Secure Boot' Boiling Frogs (Cannot Turn Off 'Secure Boot')
"MSI laptop is locked on Secure Boot and doesn't allow me to turn it off"
UEFI 9/11 Aftermath - Part IV: The 'Hulk Hogan of UEFI' and His 'Hideout' Holiday (Retreat From Reality)
Let's keep an eye on what matters
UEFI 9/11 Aftermath - Part II: "The SecureBoot Thing Got Out of Hand."
The next few weeks might be... interesting
UEFI 9/11 Aftermath - Part I: "I Believe This Affects Thousands of Devices... Because Multiple Devices I Checked, Whether Client or Server [...] Affected."
Most people aren't even aware that this is happening or about to happen
The UEFI 9/11 - Part X - An Outline of the Series About Microsoft Sabotaging GNU/Linux (With Ramifications to Unfold Online in Coming Weeks as People Reboot)
Today is UEFI 9/11 (9/11/2025)
Culture of silence: Ubisoft harassment convictions, Mozilla, Sylvestre Ledru & Debian make no comment
Reprinted with permission from Daniel Pocock
Links 11/09/2025: "Hey Hi" Ponzi Schemes at Oracle (Unpaid Contracts) and Cindy Cohn is Leaving the EFF
Links for the day
Gemini Links 11/09/2025: Playdate Console, Dichotomy between the Real and the Digital
Links for the day
The Microsoft AstroTurfing and Microsoft-Led Blame-Shifting Tactics Are Ahead of Us
Of course it has nothing to do with security, it's about control, i.e. them controlling everything
Celebrating Assassination is Bad Because It Legitimises Assassination of the People You Like, Too
Condoning or even celebrating political assassinations is bad optics (and taste)
The World's Richest Ponzi Scheme (Faking Value Using Net Waste)
The higher they go the harder they fall
We Could Dual-Boot Back in the 1990s, Why Has This Become So Difficult?
And prone to breakage
Being Conditioned to Accept Unreliable Computer Systems That Fail With Black Screen of Death (BSoD)
Welcome to 2025
Slopwatch: Google News is Still Promoting Many Fake Articles About "Linux", in Effect Rewarding Misinformation and Plagiarism
things continue to deteriorate
New Series: The Coup Against GNU/Linux Has Begun
today, this year in particular, we shall also focus on Secure Boot, which is sold based on a lie and tortures many computer user
New Paper on "BYOVD, but in firmware. Signed UEFI shells, vulnerable modules offer new paths for Secure Boot bypasses."
One might say digital "security theatre"
Links 11/09/2025: Oracle Layoffs, Drunk Pilots in Japan Airlines, US-Korea Tensions Grow
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, September 10, 2025
IRC logs for Wednesday, September 10, 2025
Xubuntu Site Compromised
Let's hope it is not a security breach
Links 10/09/2025: Retaliation at Facebook and Microsoft Reveals Almost 100 Security Holes
Links for the day
Gemini Links 10/09/2025: Annihilation of Self, The Future Eaters, and Leaving Academia
Links for the day
They Say That People Are Afraid of or Worried About "Hey Hi", But the Worriers Should be the Fools Who Invested in It
At the end of the day nobody should worry more than those who invested their money in this bubble
Harassment evidence: franceinfo's Clara Lainé report on Ubisoft prosecution
Reprinted with permission from Daniel Pocock
Links 10/09/2025: Microsoft Layoffs in "RTO" Clothing and Windows TCO, GitHub TCO
Links for the day
Blaming Everything on China
TikTok works for China. GAFAM works for fascists.
People Get Tired of "Hey Hi" (AI), Unlike the Subservient Money-Obsessed Media That Gets Paid to Pretend This Bubble Still Matters
"crash will be way bigger than dot.com burst in 90s. and that was Internet, actually transformative technology, not this expensive AI toy with direct dependency on the energy input which is not scalable"
Brett Wilson LLP Accepts That the Serial Strangler From Microsoft Filed a Case That Also Implicates My Wife (Everything is Connected)
They used to pretend that there were two separate cases
10 Reasons to Disable (or Enable) UEFI Secure Boot
Tomorrow the "trusted corporation" Microsoft will see a certificate expire
Gemini Links 10/09/2025: Hospital and Large Feeds
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 09, 2025
IRC logs for Tuesday, September 09, 2025
The Bluewashing of Red Hat is Being Completed, Many Staff Understand They'll be Made Redundant
Jim AllowHurst (Whitehurst) is meanwhile promoting Microsoft's agenda from within other companies
Throwing Away "Old" Computers (Mozilla and Other Climate Deniers)
Mozilla is not leftist