How to Exploit Popular Linux File Managers with a Fake MP4

What appears to be an ordinary MP4 may have been designed by an attacker to compromise your Linux Mint operating system. Opening the file will indeed play the intended video, but it will also silently create a connection to the attacker's system.


Understanding the Attack


While this article uses Linux Mint as an example, the attack takes advantage of an issue in several Linux file managers. The GIF below demonstrates the attack.






Two files are being extracted in the GIF. The first (real_video.mp4) is a real MP4 of a movie trailer. The second file (fake_video.mp4) is a .desktop file, configured to look like an ordinary MP4 in this file manager. What we can't see in the GIF is the Netcat connection being made to the attacker's system when fake_video.mp4 opens. The target believes fake_video.mp4 is legitimate and has no idea the operating system was just compromised.


The .desktop file extension is used in Linux systems to create application launchers. Linux Mint users can list files in the /usr/share/applications/ directory for some examples of this.


$ ls -l /usr/share/applications/*.desktop
-rw-r--r-- 1 root root 125 Nov 4 2017 /usr/share/applications/apturl.desktop
-rw-r--r-- 1 root root 8754 Nov 28 04:55 /usr/share/applications/blueberry.desktop
-rw-r--r-- 1 root root 1383 Jan 11 11:41 /usr/share/applications/bluetooth-sendto.desktop
-rw-r--r-- 1 root root 363 Mar 21 09:45 /usr/share/applications/cinnamon2d.desktop
-rw-r--r-- 1 root root 448 Dec 6 05:22 /usr/share/applications/cinnamon-color-panel.desktop
-rw-r--r-- 1 root root 300 Dec 6 05:22 /usr/share/applications/ ..
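From the defender's side, a launcher dressed up as a video can be caught by reading file content rather than trusting what the file manager displays. The following is an added example, not code from the original article: the function names, the extension and icon-prefix lists, and the sample files are assumptions constructed for illustration, and the checks are heuristics whose hits need manual review.

```python
import configparser
import tempfile
from pathlib import Path

MEDIA_EXTS = (".mp4", ".mkv", ".avi", ".mov", ".mp3", ".jpg", ".png", ".pdf")  # assumed list
MEDIA_ICONS = ("video", "audio", "image")  # assumed icon-name prefixes, e.g. video-x-generic
LAUNCHER = "[Desktop Entry]\nType=Application\nName={}\nIcon={}\nExec=/bin/true\n"
SAMPLES = {  # constructed sample files; Exec is a harmless placeholder
    "fake_video.desktop": LAUNCHER.format("fake_video.mp4", "video-x-generic").encode(),
    "player.desktop": LAUNCHER.format("Media Player", "player").encode(),
    "real_video.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 64,
}

def read_launcher(path):
    """Return the [Desktop Entry] keys if the file content is a launcher, else None."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    parser.optionxform = str  # Desktop Entry keys are case-sensitive
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            parser.read_string(fh.read(65536))  # launchers are small; cap the read
        return dict(parser.items("Desktop Entry"))
    except (OSError, configparser.Error):
        return None  # binary media, unreadable file, or no [Desktop Entry] group

def masquerade_reasons(path):
    """List the reasons a file looks like a launcher dressed up as media."""
    entry = read_launcher(path)
    if not entry or entry.get("Type") != "Application" or "Exec" not in entry:
        return []
    checks = [
        (Path(path).suffix.lower() != ".desktop", "launcher content under a non-.desktop name"),
        (entry.get("Name", "").lower().endswith(MEDIA_EXTS), "Name imitates a media file"),
        (entry.get("Icon", "").lower().startswith(MEDIA_ICONS), "Icon is a media-type icon"),
    ]
    return [message for hit, message in checks if hit]

def scan(directory):
    """Map every suspicious file under directory (relative path) to its reasons."""
    files = (p for p in Path(directory).rglob("*") if p.is_file())
    return {str(p.relative_to(directory)): r for p in files if (r := masquerade_reasons(p))}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in SAMPLES.items():
            Path(tmp, name).write_bytes(data)
        return scan(tmp)

if __name__ == "__main__":
    print(demo())
```

Pointing `scan()` at a download or extraction directory before opening its contents lists only launchers that trip at least one check; ordinary launchers and real media files are not reported.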
