1907
Well that didn't go as expected...
(programming.dev)
For those who are wondering, yes, Wine is malware compatible so be careful about the EXEs you run!
This happened to me not long ago when I found a monero miner running on my laptop. Being a highly technical person, I feel unbounded shame.
How did you figure out it was running? How did you confirm? Teach me your methods please
It was pretty easy to spot in
htopsince it had really high CPU usage. Plus, the command line args it launched with included the word "Monero" multiple times, so that was a bit of a giveaway hahaI sometimes leave my laptop on, but the monitor turned off when I go to sleep. Sometimes when I wake up, the fans on the laptop will be running full speed, which dies down soon after I turn the monitor on and use the laptop for a little while. Do you think this might be a symptom of some covertware running on my laptop?
Perhaps.
There may be easier ways to test for this, but what comes to mind is if you install your current OS again on another partition and then leave it as you usually do, and see if the fans do the same thing. If they do, it might just be a fault with the fan control or sleep state or something.
If it doesn't happen, I'd assume something fishy is going on. Maybe try and set up a script to log your CPU usage and what's using the most every few minutes. That might catch something?
I've just now had another thought. If it's trying to be covert, maybe just leave your task manager / htop open and don't touch anything for a while, it might think you're afk and start running again. If it doesn't, it could be checking to see if common monitoring tools are running and stopping itself to avoid detection, if that's the case you'll have to be a bit smarter about trying to catch it.
tl;dr Maybe. Run a virus scan if you can, or try and find it yourself if you think you can. If all else fails, nuke the OS and start again.
That makes sense. In the end I guess it depends on what level any malware expects the user to search for it on. Thanks.
I might be able to find a weird service or background app at most. Figuring out what is actually happening is beyond me.
Was it still through WINE? I'd feel bad for the miner as well as it likely couldn't have done the MSR mod so low hashrate lol.
Feeling bad that a scammer couldn't scam hard enough is hilarious. Only in a Linux forum.
Tbf, if you get an OOTB distro infected, that is most definitely user error
If you (somehow) manage to get gentoo or lfs infected, I'd still consider it user error lol
LFS maybe, but gentoo or arch is understandable because you have to set the security up yourself.
Yes it was, I run Zorin (Ubuntu-based) on my laptop.