Researchers Find Malware Hiding in Windows Subsystem for Linux

Black Lotus Labs revealed on Thursday that it’s discovered new malware that uses the Windows Subsystem for Linux (WSL) to avoid being detected by security tools.

WSL debuted in 2016 alongside the Windows 10 Anniversary Update as a way to access GNU and Linux tools without having to boot into a different operating system. It didn’t originally provide true access to the Linux kernel—it used a compatible kernel developed by Microsoft—but that changed when WSL 2 arrived in June 2019.