Friday, May 2, 2025

400 Million Windows Computer Vulnerable to “Bashware” Security Software Bypass Attack


A new attack technique called "Bashware" can bypass Windows-based security software solutions by abusing a new Windows 10 feature, the Windows Subsystem for Linux (WSL), to run a Linux-based backdoor that those products do not inspect.

WSL is a compatibility layer for running Linux binary executables on Windows 10 computers; it is what makes the bash terminal available to Windows users.

This gap allows malware to bypass advanced security solutions, next-generation antivirus software, inspection tools, and anti-ransomware solutions.

This means that Bashware may potentially affect any of the 400 million computers currently running Windows 10 worldwide.


How Does It Bypass Security Features

Currently available security software does not effectively monitor the processes of Linux executables running on Windows through WSL.

This opens a backdoor for attackers: they can run their malicious code through WSL and hide it from the detection logic that security vendors currently ship.

The Bashware demonstration mainly abuses the "Netcat" utility, which is used for reading from and writing to network connections over TCP or UDP.

Netcat offers features including port scanning, file transfer, and port listening, and it can also be used as a backdoor.

In some cases, security software such as antivirus does not allow Netcat to execute at all on Windows.

Port 1337 is not open on a default Windows installation; a listener on it is the classic backdoor through which an attacker's Trojan services can be reached on the Windows computer.

Once Bashware executes, it first enables the WSL feature (if it is not already enabled) and then launches the malware through it, which is how it bypasses the security solutions.

https://www.youtube.com/watch?v=4ki6dbEePaw&feature=youtu.be

At the end of the execution, a Netcat listener is successfully opened on port 1337, giving the attacker a backdoor into the machine.

Windows inspection tools such as Task Manager do not identify the malicious payload process; they only show the WSL loader process.

Advanced process-monitoring tools also fail to detect the malicious payload process running behind the WSL process.
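Because the payload hides behind the WSL loader, a defender checks the host for the surrounding indicators rather than for the Linux process itself. The following PowerShell script is an added example written for this article, not code from Check Point or from the Bashware demonstration. It assumes the indicators a Bashware-style intrusion leaves on a 2017-era Windows 10 host: the WSL optional feature turned on, Developer Mode enabled through the AppModelUnlock registry value (a prerequisite for WSL on those builds), the LxssManager service running, WSL launcher processes (bash.exe, wsl.exe, wslhost.exe) present, and a TCP listener on the port the demo used (1337). The process names and the port are assumptions taken from the article's description; run it from an elevated prompt.

```powershell
# Added example: host check for Bashware-style WSL abuse on Windows 10.
# Assumed indicators (not from the article): WSL optional feature, Developer
# Mode registry value, LxssManager service, WSL launcher processes, and a
# TCP listener on the demo's port 1337. Run from an elevated PowerShell prompt.

$findings = @()

# 1. Is the WSL optional feature enabled? (Bashware enables it if it is not.)
$wsl = Get-WindowsOptionalFeature -Online -FeatureName 'Microsoft-Windows-Subsystem-Linux'
if ($wsl.State -eq 'Enabled') {
    $findings += "WSL optional feature is enabled"
}

# 2. Developer Mode was a prerequisite for WSL on early Windows 10 builds.
#    A silent toggle of this value on a host that never needed it is suspicious.
$devKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock'
$dev = Get-ItemProperty -Path $devKey -Name 'AllowDevelopmentWithoutDevLicense' -ErrorAction SilentlyContinue
if ($dev -and $dev.AllowDevelopmentWithoutDevLicense -eq 1) {
    $findings += "Developer Mode enabled via AllowDevelopmentWithoutDevLicense"
}

# 3. The WSL service (LxssManager) running on a host with no business need for WSL.
$svc = Get-Service -Name 'LxssManager' -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -eq 'Running') {
    $findings += "LxssManager service is running"
}

# 4. WSL launcher processes. Task Manager shows these instead of the Linux
#    payload, so treat them as the visible parent of anything in the subsystem.
$launchers = Get-Process -Name 'bash','wsl','wslhost' -ErrorAction SilentlyContinue
foreach ($p in $launchers) {
    $findings += ("WSL launcher process: {0} (PID {1})" -f $p.ProcessName, $p.Id)
}

# 5. Listening TCP port used by the demo's Netcat backdoor (1337). Under the
#    original WSL the Linux socket is backed by the Windows TCP/IP stack, so the
#    listener is visible to the host's own connection table.
$listen = Get-NetTCPConnection -State Listen -LocalPort 1337 -ErrorAction SilentlyContinue
foreach ($c in $listen) {
    $owner = (Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    $findings += ("TCP listener on port 1337 owned by {0} (PID {1})" -f $owner, $c.OwningProcess)
}

if ($findings.Count -eq 0) {
    Write-Output "No Bashware-style indicators found"
} else {
    Write-Output "Indicators found:"
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

Any single hit is not proof of compromise (developers legitimately enable WSL), but WSL enabled plus Developer Mode toggled plus a listener owned by a WSL launcher on a host that should not run Linux tooling is exactly the combination the article describes. The check is specific to the original WSL discussed here; under WSL 2 the Linux side runs in a lightweight VM with its own network stack, so the process and port checks above would need to be done inside the distribution instead.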

According to Check Point Software, Bashware is a hybrid concept which allows a combination of Linux and Windows systems to run at the same time, but lets attackers use the features provided by WSL to hide from security products that have not yet integrated the proper detection mechanisms.

The security industry needs to take immediate action and modify its security solutions to protect against this new method, Check Point said.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
