"Ubuntu 'Command-Not-Found' Tool Could Trick Users Into Installing Rogue Packages"

Researchers at Aqua have discovered that threat actors can use the well-known utility called command-not-found to recommend their own rogue packages and compromise systems running the Ubuntu operating system. Although the command-not-found tool is convenient for suggesting installations for uninstalled commands, attackers can manipulate it through the snap repository, resulting in deceptive recommendations of malicious packages. The utility is installed by default on Ubuntu systems and suggests packages to install in interactive bash sessions when trying to execute unavailable commands. This article continues to discuss the potential exploitation of the command-not-found utility by threat actors.

THN reports "Ubuntu 'Command-Not-Found' Tool Could Trick Users Into Installing Rogue Packages"

Submitted by grigby1

Submitted by Gregory Rigby on