I have always heard not to use antivirus on Linux but I saw the post about a guy getting a RAT exploit backdoored through wine and it had me thinking should I be using ClamAV or some other antivirus for Linux?
I have always heard not to use antivirus on Linux but I saw the post about a guy getting a RAT exploit backdoored through wine and it had me thinking should I be using ClamAV or some other antivirus for Linux?
The second that they claimed to be able to detect data exfiltration via wireguard is what lost me (even script kiddies use encryption, advance attacks would exfiltrate data in DNS requests or some other exotic method). That and they were not describing a malware infection but an active attack by a person/people who were able to determine what steps that OP was taking and react.
Also, if you think your system is compromised the first thing you do is remove power from the infected machines, you don’t use them to try to determine what is wrong (when the attacker could have just corrupted your tools, or replaced the kernel with a kernel who lies to sys calls., etc)
Felt like reading a bad Mr. Robot fanfic episode.
“We’re in”