Bashware Technique Demonstration
Check Point researchers recently found a new and alarming method that allows any known malware to bypass even the most common security solutions, such as next generation anti-viruses, inspection tools, and anti-ransomware. This technique, dubbed Bashware, leverages a new Windows 10 feature called Subsystem for Linux (WSL), which recently went out of Beta stage and is now a fully supported Windows feature. This feature makes the popular bash terminal available for Windows OS users, and by that allows users to natively run Linux operating system executables on the Windows operating system.
Existing security solutions are still not adapted to monitor processes of Linux executables running on Windows OS, a hybrid concept which allows a combination of Linux and Windows systems to run at the same time. This may open a door for cyber criminals wishing to run their malicious code undetected, and allow them to use the features provided by WSL to hide from security products that have not yet integrated the proper detection mechanisms.
To clarify – the problem is that most security solutions aren’t adapted for this feature, it isn’t something a problem with the Microsoft version itself.
We want to work for you