
What are some symptoms of malware exfiltrating data in packet captures?

Çağlar Arlı - 45 Views

I am concerned that my Linux laptop has been compromised with malware that is remotely and regularly monitoring my activity. I ran Wireshark for a day to see if I could find any symptoms of data being exfiltrated (e.g. keylogs, screenshots, livestreams). I understand examining Wireshark logs is not trivial, but are there any obvious signs of suspicious activity one could look for? For example, could an unusual volume or frequency of outbound traffic be an indicator (and if so, what would be considered unusual)?

I realize the best course of action is to completely wipe my system, but I would like to get a better understanding of what is happening first.
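One way to turn the two signals the question mentions (unusual outbound volume, unusual frequency) into a concrete check, as an added example that is not part of the original post: it scores each destination over constructed outbound flow records (timestamp, destination, bytes) of the kind one can export from Wireshark's Conversations view or `tshark -z conv,ip`; the IP addresses are documentation-range placeholders and the thresholds are assumptions, not tuned values.

```python
"""Per-destination heuristics for exfiltration-like outbound traffic.

Added example, not from the original post. Scores two signs per destination:
  * volume     - total outbound bytes far above the median destination
  * regularity - connections at near-constant intervals (beaconing)
"""
from collections import defaultdict
from statistics import mean, median, pstdev

# Constructed sample (documentation-range IPs): two hosts with ordinary
# browsing-like traffic plus one host contacted every 60 s with a steady
# 8 KiB upload each time. Each record is (epoch_seconds, dst_ip, bytes_out).
FLOWS = (
    [(t, "198.51.100.10", b) for t, b in [(0, 1200), (7, 30400), (310, 900)]]
    + [(t, "192.0.2.20", b) for t, b in [(45, 5000), (1500, 2100)]]
    + [(60 * k, "203.0.113.7", 8192) for k in range(30)]
)


def per_destination_stats(flows):
    """Group flows by destination; compute volume and timing features."""
    by_dst = defaultdict(list)
    for ts, dst, nbytes in flows:
        by_dst[dst].append((ts, nbytes))
    stats = {}
    for dst, recs in by_dst.items():
        recs.sort()
        times = [t for t, _ in recs]
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Coefficient of variation of inter-arrival gaps: close to 0 means
        # clock-like regularity, typical of beaconing implants; needs >= 2 gaps.
        cv = pstdev(gaps) / mean(gaps) if len(gaps) >= 2 and mean(gaps) > 0 else None
        stats[dst] = {"connections": len(recs),
                      "bytes_out": sum(b for _, b in recs),
                      "gap_cv": cv}
    return stats


def flag_suspicious(flows, min_conns=10, max_cv=0.2, volume_factor=5.0):
    """Return {dst: [reasons]} for destinations that look like beacons or
    volume outliers. Thresholds are assumed defaults, not validated values."""
    stats = per_destination_stats(flows)
    baseline = median(s["bytes_out"] for s in stats.values())
    flagged = {}
    for dst, s in stats.items():
        reasons = []
        if s["connections"] >= min_conns and s["gap_cv"] is not None and s["gap_cv"] <= max_cv:
            reasons.append("regular-interval connections (possible beacon)")
        if s["bytes_out"] > volume_factor * baseline:
            reasons.append("outbound volume far above other destinations")
        if reasons:
            flagged[dst] = reasons
    return flagged
```

A flagged destination is a lead to investigate (resolve it, check which process owns the socket), not proof of compromise; legitimate software such as update checkers also beacons on fixed intervals.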