Researchers suggest Windows Subsystem for Linux (WSL) breeds malware.
WSL-based malware has been popular with attackers since September 2021.
Lumen Technologies stated they've tracked over 100 samples since then.
Complexity and features vary. Others allow threat actors to remotely access devices, execute arbitrary code, steal authentication cookies, or retrieve data.
Some variations constitute stage-one malware, enabling threat actors to snap screenshots and gather system information, experts said.
Malware versions are hard to identify, even being built on public code.