Say, you downloaded a pirated game that happened to be malicious, and you run it on linux using compatibility layers like WINE/Proton, does your linux installation get infected?
If you have other apps and games inside that wine prefix they will get infected but no the host machine won’t be affected
Can the malware somehow target the hosting Linux via wine?
at that point it’d be Linux malware
Yes. There’s no sandboxing in Wine/Proton. It’s just another application running with the privileges of the user running it. So it can do anything any other process could do with that user’s credentials. This is one reason why Wine recommends that you never run it as root.
There’s still a layer of abstraction there. Since it requires Wine to run, it wouldn’t be able to run itself in the future unless it’s aware that it’s being run in Wine. Then it would need to set up a way to launch itself via Wine.
How the application is started is a separate question. I don’t know enough about Wine to know if it would install a Windows Service as a user service in systemd or init.d or something like that. But if the app is started it can do anything it wants subject to that user’s permissions.
I would guess that if it could, nobody would program it.
The chances of the scenario is too low. Hacking is a numbers game.
Depends of the hacker.
I suppose some government blackhat could do such thing for a very targeted hack. Still unlikely though.
That’s not true. By default the host filesystem is available in Wine. And even if this feature is disabled there are no active safeguards in Wine to prevent access.
Only Linux file permissions prevent access to Linux system files. But everything your user has access to can be tampered with.
Ransomware is incredibly common and designed to encrypt everything it can touch.
