• pedz@lemmy.ca (3 upvotes, 25 days ago)

    The starting point of the attack is an email message containing a RAR archive, which includes a file with a maliciously crafted file name: “ziliao2.pdf{echo,<Base64-encoded command>}|{base64,-d}|bash”

    Doesn’t it mean that a rar archive contains the malicious file?

    It’s worth noting that simply extracting the file from the archive does not trigger execution. Rather, it occurs only when a shell script or command attempts to parse the file name.
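    The distinction in the quoted article is the whole point: a file name is inert data until a script hands it to a shell unquoted or through eval, at which point brace expansion and the pipes get interpreted. The following is an added example (not code from the thread or from the article it discusses) of what a defender would actually want: a check that flags archive entries whose names contain shell metacharacters, and a directory scan that only ever uses those names as quoted arguments, so nothing in them is parsed. The sample names are constructed; the base64 portion is a placeholder, not a real payload.

```shell
#!/bin/sh
# Added example, not from the linked article. Constructed sample names:
# one shaped like the quoted finding (placeholder instead of real base64),
# one ordinary name.
SAMPLE_BAD='ziliao2.pdf{echo,PLACEHOLDER}|{base64,-d}|bash'
SAMPLE_OK='quarterly-report_2024.pdf'

# Return 0 (true) when a name contains characters a shell would interpret
# if the name were ever expanded unquoted or passed to eval: braces, pipe,
# semicolon, dollar, backtick, redirections, ampersand, or a newline.
is_suspicious_name() {
    nl=$(printf '\nx'); nl=${nl%x}          # literal newline, kept by the %x trick
    case "$1" in *"$nl"*) return 0 ;; esac  # embedded newline
    printf '%s' "$1" | grep -q '[{}|;$`<>&]'
}

# Scan one directory (e.g. where an archive was just extracted), report
# flagged names on stderr and print the count on stdout. Every use of the
# name is a quoted argument, so the braces and pipes stay literal bytes.
count_suspicious_names() {
    dir=$1
    n=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue             # empty dir: the glob stays literal
        name=${f##*/}
        if is_suspicious_name "$name"; then
            n=$((n + 1))
            printf 'FLAG: %s\n' "$name" >&2
        fi
    done
    printf '%s\n' "$n"
}

# Demo: creating a file with such a name is harmless; only unquoted
# expansion or eval would turn it into a command.
demo() {
    tmp=$(mktemp -d)
    : > "$tmp/$SAMPLE_OK"
    : > "$tmp/$SAMPLE_BAD"
    count_suspicious_names "$tmp"           # prints 1
    rm -rf -- "$tmp"
}
demo
```

    The scan itself is the safe pattern: `for f in "$dir"/*` with every later use double-quoted, plus `--` before any path passed to a command. The unsafe pattern the article alludes to is a script that builds a command string from the name and runs it through `eval` or `sh -c`, or expands `$f` unquoted; neither appears here, and neither is needed to process untrusted archives.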

    • skaffi@infosec.pub (2 upvotes, 23 days ago)

      Right you are! I’m not sure how that went over my head. Eh, too much morning, too little coffee. Thanks for correcting me.

      • pedz@lemmy.ca (1 upvote, 22 days ago)

        It’s also worth saying that as much as I don’t have an antivirus on Linux, and that I’m generally not too worried about malware and viruses, I have backups, follow the 3-2-1 rule, and my OS can be sacrificed if there is ever a problem.

        But I must admit that being infected is not always detectable and taking extra care probably wouldn’t hurt.