Black Lotus Labs uncovers Linux executables deployed as stealth Windows loaders

<i>&quot;WSL is a supplemental feature that runs a Linux image in a near-native environment on Windows, allowing for functionality like command line tools from Linux without the over-head of a virtual machine.&quot;</i><p>But since WSL 2 it does use a VM. According to wikipedia:<p><i>&quot;a real Linux kernel,[4] through a subset of Hyper-V features.&quot;</i> <i>&quot;with a Linux kernel running in a lightweight virtual machine environment.&quot;</i><p>edit: unless they mean user overhead of getting it to work. I kind of read it as performance overhead.

Is WSL still opt-in? Something to be aware of for power users, but most Windows users are never going to know about or figure out how to turn on WSL (at least as of the last time I tried it).

Interesting, though it doesn&#x27;t explain how it&#x27;s invoking WSL. As far as I know, you would need a second part of the payload that invokes WSL and runs the ELF binaries.

How about this. May be this is a bad idea too. Can we have like WSL3, where highly optimised Linux kernel runs on hypervisor. And Ubuntu&#x2F;arch share the kernel using containerised approach. And individual apps too can run using the same workflow? That way we have benefits wrt overhead. Something like electron but they all use the same ringtone instead of a new instance. Again it may be a bad idea, just curious of the benefits.