Security researchers have discovered new malware affecting Linux systems. The main issue is that, unlike in the Windows cybersecurity environment, security threats affecting Linux systems are neither discussed in detail nor disclosed openly. This is why the hackers remain undetected most of the time.
The malware is called HiddenWasp and is rumored to have been created by Chinese hackers. The hackers use it to remotely control the Linux systems it has infected.
HiddenWasp consists of a rootkit, a trojan and a deployment script that runs at the beginning. The malware was found to be similar to the recently discovered Winnti malware.
Nacho Sanmillan, a security researcher at Intezer Labs, has pointed out several similarities and connections between HiddenWasp and other Linux malware families. It might also be true that some HiddenWasp code was taken from the source code of other malware. These similarities and connections are shown by his following statement: “We found some of the environment variables used in an open source rootkit Azazel”.
The researchers added to the above statement: “In addition, we also see a high rate of shared strings with other ChinaZ malware, reinforcing the possibility that actors behind HiddenWasp may have integrated and modified some MD5 implementation from the Elknot malware that could have been shared in Chinese hacking forums”.
According to Sanmillan, an attacker can use HiddenWasp to run commands on the terminal, execute files and programs, run scripts, access the local file system, upload and download other files, etc. For more details on this malware, see the full technical analysis in the Intezer blog post.