Undetectable HiddenWasp backdoor malware hits Linux users, allowing for full control of infected systems
Using code from the famous Mirai worm and the Azazel rootkit, HiddenWasp is a newly discovered malware strain targeting Linux systems.
HiddenWasp is slightly unusual in having Linux in its sights, and the remote control tool is able to avoid detection by all major antivirus software. The malware is described as "sophisticated" as it comprises a deployment script, a trojan and a rootkit. This is an advanced backdoor attack tool that allows for complete remote control of a system.
Discovered by security researchers at Intezer, HiddenWasp appears to have been created last month, and bears some similarities to tools created by Chinese hacking groups. Writing about the malware in a blog post, Intezer's Ignacio Sanmillan explains that the infection process involves the creation of a new user account (sftp), seemingly to allow hackers to be able to access the infected system even if HiddenWasp is removed.
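One cheap defensive check against the persistence trick described above is to compare the live /etc/passwd with a known-good snapshot and flag any account that appeared since. This is an added example, not code from the article or from Intezer's report; the account name "sftp" comes from the article, while all passwd lines and the review heuristics are constructed for illustration.

```python
# Added example (not from the article or Intezer's report): diff the live
# passwd file against a known-good snapshot and flag accounts added since.
# Sample lines are constructed; only the 'sftp' name is taken from the article.
from dataclasses import dataclass

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

@dataclass(frozen=True)
class Account:
    name: str
    uid: int
    home: str
    shell: str

def parse_passwd(text: str) -> dict:
    """Parse passwd(5)-format text into {name: Account}, skipping malformed lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # blank, comment or damaged entry: ignore rather than crash
        name, _pw, uid, _gid, _gecos, home, shell = fields
        accounts[name] = Account(name, int(uid), home, shell)
    return accounts

def suspicious(acct: Account) -> list:
    """Reasons an added account deserves review; an empty list means nothing odd."""
    reasons = []
    if acct.uid == 0:
        reasons.append("uid 0 (root-equivalent)")
    if acct.shell not in NOLOGIN_SHELLS:
        reasons.append("interactive shell " + acct.shell)
    return reasons

def new_accounts(baseline: str, current: str) -> dict:
    """Map each account present in `current` but absent from `baseline` to its review reasons."""
    known = parse_passwd(baseline)
    return {n: suspicious(a) for n, a in parse_passwd(current).items() if n not in known}

# Constructed sample data: a pre-incident snapshot, then the same file after a
# login-capable 'sftp' account was appended (the persistence trick the article describes).
BASELINE = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
CURRENT = BASELINE + "sftp:x:1001:1001::/home/sftp:/bin/bash\n"

if __name__ == "__main__":
    for name, reasons in new_accounts(BASELINE, CURRENT).items():
        print(f"new account {name}: {'; '.join(reasons) or 'no obvious red flags'}")
```

In practice the baseline would be a snapshot taken at provisioning time and stored off-host, since an attacker with root can edit a local copy as easily as the live file.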
At the moment it is not really clear how systems are becoming infected with the malware, leading to the suggestion that HiddenWasp could be a secondary attack on systems that have already been compromised in some other way.
We analyzed every component of HiddenWasp, explaining how the rootkit and trojan implants work in parallel with each other in order to enforce persistence in the system.
We have also covered how the different components of HiddenWasp have adapted pieces of code from various open-source projects. Nevertheless, these implants managed to remain undetected.
Linux malware may introduce new challenges for the security community that we have not yet seen on other platforms. The fact that this malware manages to stay under the radar should be a wake-up call for the security industry to allocate greater efforts or resources to detect these threats.
Linux malware will continue to become more complex over time and currently even common threats do not have high detection rates, while more sophisticated threats have even lower visibility.
You can read through a detailed analysis of HiddenWasp over on the Intezer blog.