My settings: Release 22.04.3 LTS, Kernel Linux 6.2.0-37-generic x86_64, MATE 1.26.0
I use wi-fi (with Windows network) at work on Ubuntu-Mate laptop, and after buying hosting and registration of my account at hostinger, as well as automatic (hosting provider mediated) Wordpress installation with hosting provider offered plugins and themes, I noticed an icon in the bottom left of the my Mate desktop, near the Reycle bin icon.
It has the same graphics as "Windows network" icon, present under "Browse Network" subsection in "My computer" section. Upon clicking it opens a "https://wp-themes.com/wp-content/themes/....jpg" url of an image from the assets of my selected WP theme.
chkrootkit found the folllowing suspiscous files:
/usr/lib/libreoffice/share/.registry
/usr/lib/ruby/gems/3.0.0/gems/minitest-5.14.2/.autotest
/usr/lib/ruby/gems/3.0.0/gems/rbs-1.0.4/.rubocop.yml
/usr/lib/ruby/gems/3.0.0/gems/power_assert-1.2.0/.travis.yml
/usr/lib/ruby/vendor_ruby/rubygems/optparse/.document
/usr/lib/ruby/vendor_ruby/rubygems/tsort/.document
/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document
/usr/lib/debug/.build-id
/usr/lib/modules/6.2.0-36-generic/vdso/.build-id
/usr/lib/modules/6.2.0-37-generic/vdso/.build-id
Other chkrootkit items were either 'not found', 'not infected', 'nothing found' or 'no suspect files'.
So apart from false positive libreoffice and apparent kernel builds, there seems to have been ruby installed on my laptop? How can this be possible if I was installing Wordpress (though with 'automatic' hosting provider mediation) in my hostinger account on some provider provided virtual machine?
Is Ubuntu-Mate really secure enough to allow such bs to happen?