seccomp Archives

Winsage

April 2, 2026

Wine has been translating Windows games to Linux since 1993, but Proton is what made it effortless

Wine is a compatibility layer, not an emulator, that translates Windows API calls into POSIX equivalents, allowing Windows applications to run on Linux. Proton, developed by Valve, builds on Wine and includes additional components like DXVK and VKD3D-Proton to enhance performance for Windows games on Linux through Steam. For Steam users, Proton is recommended for a streamlined gaming experience, while Lutris is suggested for those outside the Steam ecosystem. Wine has been in development since 1993, focusing on recreating the Windows API, but faced challenges with gaming compatibility. Cedega was an early attempt to improve gaming support over Wine but ultimately declined. Valve's development of Proton was motivated by the need for better compatibility for Windows games on Linux, especially highlighted by the launch of the Steam Deck. Wine struggled with synchronization issues and handling direct kernel access by Windows applications, which Proton addressed with seccomp-bpf filters and syscall user dispatch. Both Wine and Proton are crucial to the current state of Linux gaming.

AppWizard

May 20, 2025

Preventing App-Based Threats on Android Devices

By 2025, the Android platform faces increasingly sophisticated app-based threats, including ransomware, fake apps, social engineering, and remote access attacks. Cybercriminals exploit Android's open architecture, prompting the need for advanced security measures. Android's security architecture includes: 1. Google Play Protect: Scans applications before installation using real-time machine learning to detect emerging malware and deceptive tactics. 2. Application Sandboxing: Isolates apps to prevent data access between them, utilizing Linux permissions and SELinux policies. 3. App Signing and Code Integrity: Requires cryptographic signatures for apps, complicating the introduction of rogue certificates and runtime modifications. Advanced protections include Runtime Application Self-Protection (RASP) for high-security apps, which monitors behavior in real time, and secure coding practices that encourage regular code reviews, strong authentication, and data encryption. User vigilance is crucial, emphasizing responsible downloading, limiting permissions, keeping software updated, enabling two-factor authentication, and being cautious with public Wi-Fi. Google continuously updates security measures, ensuring older devices receive new protections, while collaboration with the security community aids in identifying and countering emerging threats.

AppWizard

July 1, 2024

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

- Transparent Tribe continues malware campaign targeting Android users - Group embedding spyware into curated video browsing applications targeting mobile gamers, weapons enthusiasts, and TikTok fans - Campaign dubbed CapraTube delivering spyware called CapraRAT - CapraRAT used in attacks targeting Indian government and military personnel - New malicious APK files identified - CapraRAT abusing permissions to access sensitive data - Malware developers focusing on making the tool more reliable and stable - Snowblind, a novel type of Android banking malware, discovered using seccomp technique to bypass anti-tampering mechanisms - Malware authors in Southeast Asia becoming extremely sophisticated

AppWizard

June 26, 2024

Snowblind is a new Android banking malware abusing a safety tool

Snowblind is a first-of-its-kind Android banking malware that manipulates a Linux kernel safety feature called "seccomp" to bypass security checks and anti-tampering mechanisms. It exploits accessibility services to gain system-level access to an infected device and can disable security features such as two-factor authentication and biometric verification. The malware targets banking Android apps in Southeast Asia and is effective on all modern Android devices. Promon has developed protective measures against Snowblind and other potential variants of seccomp-based attacks.