
How secure is Linux in real life? – custom RAT, Ransomware, and Info Stealer

Join our Discord!
https://discord.gg/5uMqSkhKha

In this video I go over how Ubuntu Linux fares against modern attack methods, things attackers would do to gain access to your system, steal your passwords, and encrypt all your files and hold you at ransom.

Windows version of these tests: https://youtu.be/bvc8-GVKAOE
MacOS version of these tests: https://youtu.be/MSNPhLsvWeU

This is for educational purposes only.

Email me at Pat@Cybersecpat.com
Find my blog at https://cybersecpat.com

Shot on iPhone, edited on iPad

Alice AUSTIN

Alice AUSTIN is studying Cisco Systems Engineering. He has a passion for both hardware and software and writes articles and reviews for many IT websites.

34 thoughts on “How secure is Linux in real life? – custom RAT, Ransomware, and Info Stealer”

  • What do you think? Should Linux distros focus on preventing this type of malicious activity? Could they even do that, realistically? How do you tell the difference between legitimate usage and malicious behavior?

  • In my Ubuntu there is no /dev/tcp/. What to do?

  • Lots of great info on your channel, thanks! Does the .sh file execute remotely? Like in Linux Mint I can't run an sh file without enabling it or making it executable; by default they don't run, correct? Curious how all these tests would work on the mainstream distros like Fedora 40, Arch or Deb12. By default the Ubuntu forks don't enable the firewall, where Fedora 40 does!

  • Yeah, but you're logged into Ubuntu using a username and password with access to the home directory. You bypassed the permissions security by doing it to your own computer. I'm not saying it's impossible and it can't happen, but if you didn't have the password and access, your encryption program wouldn't have execution permissions, neither would your external shell.

  • Can you do another test on something like Fedora

  • Thanks for the upload. No OS in the world is truly foolproof, not even badware block DNS on your router. The one sitting in front of the computer has to be responsible, always. 🫶

  • Yes if someone with a brain is in your computer it's over and that will always be true. But there is no way to easily do that especially once you turn off ssh server which is silly to even run on a home machine. And even the antivirus won't stop ransomware except by having it in some list so it is pretty useless, and in windows you can skip that too.

  • There are plenty of security applications for Linux (which includes Ubuntu), including anti-virus. Please do your due diligence before putting out a video of this quality.

  • I really love this video, because most Linux users in different forums just ignorantly feel safe about how secure Linux is, but everybody could underestimate the power of social engineering. Yes, Linux is safe and transparent if you know what you're doing, but for someone like myself who is relatively new to Linux it's really helpful to understand these possible attack vectors.
    It would be nice if you could show how to detect this kind of "looks legit" attack, especially if I want to use shell scripts from other sources (without reviewing the full script), and/or just check if I'm already compromised (e.g. I have an open reverse shell to my OS).
    Thank you!
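An added example, not from the video or from any commenter, that addresses the reverse-shell questions in the two comments above (the `/dev/tcp` comment and the "how do I check if I'm already compromised" comment). It is a defender-side check that reads `ss -tnp`-style output and flags established connections whose owning process is an interactive shell; the sample lines are constructed here so it runs offline (on a live box you would pipe `ss -tnp` into the function instead).

```shell
# Flag ESTABLISHED TCP connections owned by an interactive shell (bash, sh,
# zsh, dash). A desktop workload almost never has a shell holding a network
# socket, which is exactly what a /dev/tcp-style reverse shell looks like.
flag_shell_connections() {
    # Expected columns (header stripped): State Recv-Q Send-Q Local Peer Process
    # The Process field looks like users:(("bash",pid=4242,fd=3))
    awk '
        $1 == "ESTAB" && $6 ~ /\("(bash|sh|zsh|dash)"/ {
            # Pull the program name and pid out of the users:((...)) field.
            match($6, /\("[^"]+"/); prog = substr($6, RSTART + 2, RLENGTH - 3)
            match($6, /pid=[0-9]+/); pid = substr($6, RSTART + 4, RLENGTH - 4)
            printf "SUSPICIOUS %s (pid %s) -> %s\n", prog, pid, $5
        }'
}

# Constructed sample in the shape `ss -tnp` prints: a browser connection,
# a listening sshd, and two shells connected out to the same peer on 4444.
SAMPLE='ESTAB 0 0 192.168.1.20:44122 142.250.74.110:443 users:(("firefox",pid=1820,fd=61))
ESTAB 0 0 192.168.1.20:50412 203.0.113.7:4444 users:(("bash",pid=4242,fd=3))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=901,fd=3))
ESTAB 0 0 192.168.1.20:50413 203.0.113.7:4444 users:(("sh",pid=4301,fd=1))'

# Run the check over the constructed sample and print any hits.
check_sample() {
    printf '%s\n' "$SAMPLE" | flag_shell_connections
}

check_sample
```

On a real system, `ss -tnp | flag_shell_connections` needs root (or the socket owner) to populate the Process column; an empty column hides the shell rather than clearing it.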

  • It's really hard to accommodate the use cases some people need, so I suppose having the freedom to sink or swim isn't a great match for some people.
    Therefore it can be flexible as things change. There's no proprietary answer within price-point range, not even close.
    In fact I'm currently tasked with things my partner is too unfamiliar/impatient with, that would otherwise not go very well…
    I'm behind, out-of-the-loop, and forgot what I knew maybe 2 years ago. I'm older now so that's another dimension.
    But the ytub tends to serve up content that is way more relevant than ever, so there's room to make a pretty good go of it, given people like you out there. It's very appreciated!

  • The major point here is the way you download software; if you are downloading things from the official repos you are probably not downloading malware.

  • Did you turn the firewall on for test 1? Or was it off? What were the settings for SSH?

  • Linux assumes its users aren't idiots who run untrusted code. The reason why there is no real antivirus for Linux is because 99% of your software comes from trusted repositories.

  • Thanks, Pat! You've illustrated why 1) we should all be skeptical of where we get software; 2) using proper user privileges (don't be root!); 3) having an actual and proper backup/recovery strategy that includes a disconnected, offsite backup volume, and last but not least 4) configure firewall (easy peasy) and move SSH off of port 22! If we do get suckered, and we're all able to be suckered, in the worst case you can reformat, rebuild, and restore from the offsite backup. I looked at using a cloud service and decided to use high capacity hard drives instead. It's just too easy and way cheaper. And I don't have to worry about the cloud service getting hacked. They surely will at some point, and you won't know till long after, if ever.

  • This is another proof that Linux fanatics are wrong, like always.

  • Hi Pat, you should make videos showing how to secure against RAT, Ransomware, and the Info Stealer

  • Would the "Portmaster" software have helped in this situation?

  • And that is why you should be careful where you get your software and scripts.
    In Windows this is baked into the malware. So when you add repositories in your Debian (or Debian-based system),
    be very careful. Linux might not be the holy grail.

  • Linux by default is not secure; you have to add and enable a firewall, disable services that you do not need running (printer, bluetooth, etc.), close the open ports, etc.
    i.e. take time to "lock down" the computer by securing it.

    Same goes for Windows etc. By default it is an open brothel house where anyone may come and go as he or she likes from the internet 😀

    There are free tools to secure it and test whether it is now secure, etc. 🙂

  • The difference is Ubuntu won't let you do that much without the sudo password; even if you have a reverse shell.

  • I thought it was gonna ask you to enter a password or make the file executable, chmod +x.

  • That was an "OOBOONTOO" system.
    "OOBANTOO" doesn't exist.

  • Pat, I watched your video! This is great but sad to see Linux losing at ransomware. I will try to learn why Mac OS needed a password and the others did not. Please keep making videos and the quality is definitely improved!

  • You will hopefully notice my video and audio quality is drastically improved compared to my previous videos. Trying to make the highest quality content for you fine people as I can. I hope that you see in my future videos this increase in quality!

  • I used Linux in Windows in a virtual machine, but when I see the blue screen OMG I hate this too much, so now I have shifted fully to Linux.
