OSS News: SysJoker Backdoor, Linux Firmware, LibreOffice Improves, Distro Hopping Choices

Cybersecurity researchers uncovered a vicious new threat that hides as legitimate systems software. Cyber experts must exhaust rigorous analysis to find it in action.

With Linux kernel 5.12 you can update firmware with no reboot required. The last refinement in LibreOffice 7 series paves the way for a new set of features when Series 8 arrives. If that is not enough to satisfy your Linux binge, Canonical is putting a new Snap together.

Check out some of the newest Linux distribution releases to keep distro hoppers happy. One of these may be just what you need to give you new Linux swag: KaOS, Linux Mint, Linux Lite.

‘SysJoker’ Backdoor Targets Linux, Windows, and Mac Too

Intezer research revealed a new multi-platform backdoor — SysJoker — is actively groping around for Linux targets, in addition to Microsoft Windows and Mac computers.

Indications suggest that the SysJoker attack is performed by an advanced threat actor, according to the company’s researchers. Intezer in December found and named a new multi-platform malware. The Linux and Mac versions are fully undetected in VirusTotal. SysJoker’s behavior is similar for all three operating systems.

The team first discovered the new backdoor during an active attack on a Linux-based web server of a leading educational institution. Based on Command and Control (C2) domain registration and samples found in VirusTotal, they estimate that the SysJoker attack was initiated during the second half of 2021.

SysJoker disguises as a system update and generates its C2 by decoding a string retrieved from a text file hosted on Google Drive. During analysis the C2 changed three times, indicating the attacker is active and monitoring for infected machines. Based on victimology and malware’s behavior, Intezer suspects that SysJoker is after specific targets.

Malware, backdoors, and other viruses such as SysJoker often pose as legitimate applications or processes on the target operating system, according to Michael Gibeau, senior application security consultant at nVisium.

“In this case, SysJoker was masquerading as a well-known Intel Common User Interface process ‘igfxCUIService.exe’. Methods of detecting malicious software of this variety often require more rigorous inspection of processes executed on the target operating system,” he told LinuxInsider.

Linux Gets New Firmware Feature

Intel brings a new driver to the 5.17 Linux kernel that will make it possible to update firmware without a reboot. The new firmware feature works only for Linux installations, not Microsoft Windows.

A new patch from Intel for both BIOS and UEFI updates let users complete kernel updates without forcing a reboot. This action is made possible by changing how desktops and servers process the firmware.

It changes the process that previously uploaded the firmware from within the operating system prior to requiring a reboot to transfer the new firmware to the motherboard and flashed it to either the BIOS or UEFI. Now, a new API specification, Platform Firmware Runtime Update and Telemetry or PFRUT, flashes the firmware without the reboot.

Intel refined this work in progress along with changing its former name of Seamless Update to reduce downtime for servers. The new driver update method is designed primarily for system firmware updates to patch critical bugs and security issues. This lets admins patch firmware for critical issues without having to suffer downtime.

LibreOffice 7.2.5 Now Less Buggy

The Document Foundation on Jan. 6 announced a new release and general availability of LibreOffice 7.2.5 as the fifth maintenance update to the latest LibreOffice 7.2 office suite series. This latest update, one month after version 7.2.4 released, is an emergency update to address a critical security vulnerability. In the process, the LibreOffice 7.2.5 update also fixes a total of 90 bugs across all core components of the open-source and cross-platform office suite It also improves document compatibility.

This is the fifth of seven planned maintenance updates for the LibreOffice 7.2 office suite series released in August 2021, with many new features and improvements. Included in the mix are improved interoperability with the MS Office document formats, native support for Apple M1 machines, and various user interface enhancements.

The LibreOffice 7.1 series reached end of life Nov. 30, 2021. The Document Foundation recommends all users upgrade to the LibreOffice 7.2 series, which will be supported until June 12, 2022.

Download the LibreOffice 7.2.5 update here in the DEB and RPM file formats, as well as a source tarball for those who prefer compiling their own LibreOffice instance or for Linux OS maintainers.

The next planned update in the LibreOffice 7.2 series is LibreOffice 7.2.6, which is currently scheduled for release in early March 2022 with more bug fixes and improved document compatibility for those dealing with proprietary document formats, especially from MS Office.

New KaOS Release Welcomes the New Year

The KaOS Linux community made a first-of-the-year entry with a new ISO release of its independently developed GNU/Linux distribution inspired by Arch Linux featuring Qt and the KDE Plasma desktop environment.

This latest release retains the Linux 5.14 kernel series, which reached end of life a couple of months ago. But KaOS Linux 2022.01 arrived with the latest KDE Plasma 5.23.4 desktop environment and the latest KDE Frameworks 5.89 and KDE Gear 21.12 software suites.

KaOS Linux

Also included in the new KaOS Linux ISO release is the Calamares graphical installer (version with support for the Zettabyte File System (ZFS). This implementation coupled with the ZFS userspace utilities from the KaOS repositories works with the Linux-next kernel.

An important change in the KaOS Linux 2022.01 release is the long-term supported, production Nvidia 470.xx proprietary graphics driver series. It replaces the new feature branch Nvidia 495.xx series, which dropped support for Kepler-based cards.

Other key core component updates include GCC 11.2, GNU Binutils 2.73, Glib2 2.70.2, ICU 70.1, Boost 1.77.0, Python 3.9.9, systemd 249.7, Mesa 21.3.3, Vulkan 1.2.203, Wayland 1.20.0, Sudo 1.9.8p2, cURL 7.80.0, OpenLDAP 2.6.0, libffi 3.4.2, as well as Qt 5.15.3, and Qt 6.2.2.

Overall, if you are a fan of Arch Linux and are looking for a solid KDE-based computing platform, KaOS Linux is well worth your testing.

You can download the KaOS 2022.01 ISO here.

Mint Upgrade Offers Several Flavors

Linux Mint 20.3, dubbed Una, rolled out during the first week in January. It is available in both stable release for new users and as an upgrade for current users.

The code is still based on the Ubuntu 20.04 LTS (Focal Fossa) operating system series and includes the same package base as Linux Mint 20.2. That all makes upgrading a simple process without downloading the new ISO images. But if you are new to Linux Mint, downloading a current ISO is the only option.

Una brings a new app to manage your recent and favorite documents, improvements to many of the official Linux Mint apps, and updated packages.

Linux Mint offers a classic desktop experience with many convenient, custom tools, and optional out-of-the-box multimedia support. It also adds a custom desktop and menus, several unique configuration tools, and a web-based package installation interface.

Users can select from Cinnamon, MATE, and XFCE desktop versions. A Linux Mint Debian 4 edition is also available as an alternative to the Ubuntu-based release.

The Cinnamon edition comes with updated software and brings refinements and many new features. The MATE edition is a classic desktop environment that continues where GNOME 2 retired.

MATE runs faster, uses fewer resources and is more stable than Cinnamon. Xfce is a lightweight desktop environment. It does not include as many features as Cinnamon or MATE. Still, it is extremely stable and very light on resource usage.

To upgrade Linux Mint 20.2 to Linux Mint 20.3, first backup your most important files. Then disable the screensaver, upgrade your Cinnamon spices from System Settings, and update your system.

Next, run the Update Manager utility and update it to its latest version. Then go to the Edit menu and click the option to upgrade to Linux Mint 20.3 Una. Follow the screen prompts and press the designated “Next” buttons to proceed with the upgrade process.

New Linux Lite on the Horizon

Linux Lite 5.8 is scheduled for release on Feb. 1, according to an announcement by distro creator and maintainer Jerry Bezencon.

Linux Lite is a beginner-friendly distribution based on Ubuntu’s long-term support (LTS) release running the Xfce desktop. This distro is ideal for Microsoft Windows users. It aims to provide a complete set of applications to assist users with their everyday computing needs, including a full office suite, media players, and other essential daily software.

Still based on the Ubuntu 20.04.3 LTS (Focal Fossa) operating system series from Canonical, this incremental update provides updated components, bug fixes, and many other tweaks and changes. These include an updated Papirus icon theme and nine new wallpapers, along with an updated help manual.

Linux Lite Help Manual

Under the hood, some of the core components have been updated from the upstream Ubuntu 20.04.3 LTS repositories, including Linux 5.4.0-91 kernel and Mozilla Firefox 95.0.1 web browser. Also included are the Mozilla Thunderbird 78.14.0 email and news client, LibreOffice office suite, VLC media player, and GIMP 2.10.18 image editor. Xfce 4.14 is the default desktop environment.

Canonical To Snap Together Packaging Update

Canonical, the developer of Ubuntu Linux, wants to take apart the Snap software packaging and distribution platform for Linux it developed and put it back together again better. That process, which Canonical called system hysteresis, involves fixing an overall lag between desired implementation of code and actual implementation of said code.

Snap makes applications more portable than traditional Linux software. Snap apps are containerized for better security. But the process is fraught with problems that Canonical wants to fix with a new architecture.

Canonical’s “The Future of Snapcraft” blog espouses the goal of breaking up the Snap framework into smaller and modular components. Ideally, the hysteresis delay should be minimal, so programmers are able to make rapid changes and improvements to their applications. The reality is that the Snap architecture in more complex and grows in complexity over time.

Going where no one has gone before is true for spacecraft as well as Snapcraft, according to Canonical. To that goal, Canonical expects you to see quite a few new, interesting, developments in the Snap product “aimed at making things simpler, faster, more robust, and without adversely affecting the user experience.” 

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

1 Comment

  • Snap has been an overall failure. People do not want it, I am not sure this will fix that.
    Flatpak is doing better, but most people still prefer native apps. Ubuntu continues to lose users because of Snap. I am one of those.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Jack M. Germain
More in Software

LinuxInsider Channels