At the end of the legendary Trojan war, the Greeks left an offering for the people of Troy – a giant statue of a horse. Marveling at the gift, the Trojans brought the horse within their walls, not realizing it contained a lethal payload: Greek soldiers who would open the gates and let the Greek armies in to destroy the city. In other words, the Trojan horse was not what it appeared to be.
Figure 1: Installing Python tools in VS Code.
In today’s world, the term Trojan horse refers to a program that is not what it appears to be. A Trojan horse is a form of malware that appears to have a legitimate purpose but secretly performs some malicious function. Trojan horse programs are sometimes used to open a backdoor or harvest information for a remote attack. Some Trojan horse apps take the form of ordinary Linux utilities like ps or ls. Others might pass through links sent with email messages.
The increase in Linux’s popularity means malicious actors are also paying more attention, and the spread of harmful software will likely keep apace. Creating malware is often considered a dark art that only criminal hackers and spies truly understand, but the purpose of this article is to show just how easy it is to embed malicious code within an application. Of course, I will not provide any actual malicious code for this experiment. The sample code is just a placeholder for additional commands that an attacker could hide within the container application.
The project consists of two scripts in Python and a simple application in C++. The choice of Python arises from its portability, its ability to produce interpretable code or multi-platform executable packages, and its ease of use, which will allow me to achieve the desired result with just a handful of lines. The example listings are available for download [1].
この記事は Linux Magazine の #293/April 2025: Trojan Horse 版に掲載されています。
7 日間の Magzter GOLD 無料トライアルを開始して、何千もの厳選されたプレミアム ストーリー、9,000 以上の雑誌や新聞にアクセスしてください。
すでに購読者です ? サインイン
この記事は Linux Magazine の #293/April 2025: Trojan Horse 版に掲載されています。
7 日間の Magzter GOLD 無料トライアルを開始して、何千もの厳選されたプレミアム ストーリー、9,000 以上の雑誌や新聞にアクセスしてください。
すでに購読者です? サインイン
MADDOG'S DOGHOUSE
Planning and community effort can help welcome Linux beginners online without precluding more advanced discussions.
Cash as Cash Can
Mike Schilli uses the YNAB tool to keep an eye on his finances. Until recently, YNAB didn't have a terminal Ul programmed in Go, but Mike delivers it here.
Innovator
Re-inventing the Ubuntu experience
Play video games natively on Linux Gaming Your Way
Bazzite, an immutable Linux distro adapted for gaming, lets you play your favorite video games on your PC, handheld, or home theater PC.
Installing mods on Steam Deck Steam Gems
The Steam Deck gaming console offers a galaxy of creative modifications for the games you love to play.
Zack's Kernel News
Chronicler Zack Brown reports on the latest news, views, dilemmas, and developments within the Linux kernel community.
System Monitoring
Mission Center, a graphical system monitor, groups all important system statuses in a compact, intuitive interface.
Exploring the Unbound DNS resolver Unbound
The Unbound DNS resolver offers comprehensive security and many other useful features.
MakerSpace
If you need to store long-term historical data, you can cobble together some Arduino modules, sensors, and displays and get them all to talk to an SQL server.
Mix It Up
Solve Bash blind spots by embedding other scripting languages into your Bash scripts to get the features you need. Pete shows you solutions for floating-point math, charting, GUIs, and hardware integration.
