From 3eaf6bb8d0d2ecc09e8ebbad7468786d3262cae5 Mon Sep 17 00:00:00 2001
From: XD_CZ
Date: Thu, 8 Jun 2023 14:43:13 +0200
Subject: [PATCH] Add systemd mimicking malware files
---
 src/main/java/me/cortex/jarscanner/Detector.java | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/main/java/me/cortex/jarscanner/Detector.java b/src/main/java/me/cortex/jarscanner/Detector.java
index 3c828f0..6475806 100644
--- a/src/main/java/me/cortex/jarscanner/Detector.java
+++ b/src/main/java/me/cortex/jarscanner/Detector.java
@@ -352,9 +352,16 @@ public static List checkForStage2() {
 // linux checks
 if (System.getProperty("os.name").toLowerCase().contains("linux")) {
- File file = new File("~/.config/.data/lib.jar");
- if (file.exists()) {
- suspiciousFilesFound.add(file.getAbsolutePath());
+ String[] linuxMaliciousPaths = {
+ "~/.config/.data/lib.jar",
+ "/etc/systemd/system/systemd-utility.service",
+ "~/.config/systemd/user/systemd-utility.service"
+ };
+ for (String maliciousPath : linuxMaliciousPaths) {
+ File file = new File(maliciousPath);
+ if (file.exists()) {
+ suspiciousFilesFound.add(file.getAbsolutePath());
+ }
 }
 }
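Review bot: The two `~/...` entries in `linuxMaliciousPaths` can never match, because `new File(maliciousPath)` does not expand `~`; Java treats it as a literal directory name relative to the working directory, so only the `/etc/systemd/system/systemd-utility.service` check is effective. Resolve those entries against the home directory instead, e.g. `File file = maliciousPath.startsWith("~/") ? new File(System.getProperty("user.home"), maliciousPath.substring(2)) : new File(maliciousPath);`. As written, a clean result says nothing about the user-level files, which is a silent false negative in a detection tool. The same literal `~` was already in the removed line, and the rest of `checkForStage2` lies outside the hunk.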