Hackers hijack systems using Proot isolated file systems

Lakados · Dec 5, 2022

https://www.bleepingcomputer.com/ne...nux-devices-using-proot-isolated-filesystems/

That's not awesome...

Red Falcon · Dec 6, 2022

No, that is not awesome, and the journey of never ending patching continues...

Zarathustra[H] · Dec 6, 2022

This might explain why all of my systems suddenly tir binutils updates?

Patches to those packages are somewhat rare.

ElementDave · Dec 12, 2022

The hackers already had root privileges before the hypothetical attack scenario presented in the article. The use of the utility was nothing more than a convenience.

mouacyk · Dec 12, 2022

user-space implementation of chroot -- what could go wrong

Lakados · Dec 12, 2022

ElementDave said:
The hackers already had root privileges before the hypothetical attack scenario presented in the article. The use of the utility was nothing more than a convenience.

I’m not sure the attack does need root, much of the utilities out there seem self contained and executable at the user level.
The bigger deal stems from the fact it is platform agnostic, self contained and updatable via Dropbox, GoogleDrive, etc… so it is a fire and forget solution.

DogsofJune · Dec 12, 2022

Yikes

MrGuvernment · Dec 12, 2022

Red Falcon said:
No, that is not awesome, and the journey of never ending patching continues...

As noted above, system already has to be comprimised, so your already hosed before this tool even gets installed.

The abuse of PRoot by hackers makes these post-exploitation attacks platform and distribution-agnostic, increasing the chances of success and the threat actors' stealthiness.

Hackers hijack systems using Proot isolated file systems

Lakados

[H]F Junkie

Red Falcon

[H]ard DCOTM December 2023

Zarathustra[H]

Extremely [H]

ElementDave

Limp Gawd

mouacyk

Limp Gawd

Lakados

[H]F Junkie

DogsofJune

Supreme [H]ardness

MrGuvernment

Fully [H]