Embedding Evil Code in a Legitimate Linux Package
Last updated
Last updated
Let's start by downloading a package, in this case I will use an Ubuntu package.
Preferably choose a flash package so, you can trick the user to download it more easily saying that its a system update.
Once you download the package, continue to extract the files of it.
Now we need to extract this file called "control".
Once the control file is extracted copy a file from its directory called control too and move it to a new directory inside the flash-update directory called "DEBIAN".
Inside the DEBIAN directory create a bash backdoor and name it "postinst".
Once you create the postinst file use dpkg to build the deb file.
