Bashware is a new method that enables any malware to use the new Windows 10 feature named Windows Subsystem for Linux (WSL) to evade security software (such as anti-ransomware and anti-virus software) installed on the machine.
Since 2016, Microsoft has offered WSL as a way to run a Linux shell (Bash) inside the Windows 10 operating system. This feature gives Windows users the familiar Bash terminal and, in so doing, allows them to run Linux OS commands on the Windows operating system.
The Bashware attack was discovered by security researchers from Check Point, who said that the attack allows malware developers to use Windows 10’s Linux shell to hide malicious operations.
According to Check Point researchers:
“Bashware is so alarming because it shows how easy it is to take advantage of the WSL mechanism to allow any malware to bypass security products. We tested this technique on most of the leading anti-virus and security products on the market, successfully bypassing them all. This means that Bashware may potentially affect any of the 400 million computers currently running Windows 10 PC globally.”
However, to use the Bashware method, attackers need admin privileges on the targeted machine. That is not much of an obstacle nowadays, since attackers can simply obtain admin privileges through phishing attacks or stolen credentials.