New malware targets Linux machines to remotely control them


Unlike the Windows ecosystem, threats to Linux systems are rarely covered in much detail. Attacks either go undetected by the security controls organizations have in place, or they are not considered serious enough for security researchers to publicize widely.

However, as cybersecurity firm Intezer points out, Linux malware with sophisticated evasion techniques, often built from already available open source code, does surface from time to time. One recent example discovered by the firm is HiddenWasp. What makes HiddenWasp particularly dangerous at the moment is that, at the time of the report, it was not detected by any of the popular malware protection systems.

How does HiddenWasp attack Linux machines?

The first stage of HiddenWasp is an initial script that deploys the malware. The script uses a user named ‘sftp’ with a hardcoded password and cleans the system of older versions of the malware in case the machine was already infected.

It then downloads an archive from the server containing all the components, including the rootkit and the trojan. The script also attempts to add the trojan binary to /etc/rc.local so that it keeps running after a reboot.

The rootkit component shares many similarities with the open source rootkit Azazel, and also shares strings with ChinaZ malware, the Adore-ng rootkit, and Mirai. As for capabilities, this stealthy Linux malware can run shell commands, execute files, download additional scripts, and more.
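The deployment steps above (an ‘sftp’ account with a hardcoded password, a trojan appended to /etc/rc.local) and the Azazel-style rootkit give a responder three cheap things to look for on a suspect host. The script below is an added example written for this page, not code from Intezer or from the malware; the hunt_* function names, the sample tree it builds and the file names inside it are all made up. The /etc/ld.so.preload check is my addition based on how Azazel works (it is a userland rootkit loaded into every process through LD_PRELOAD), not something the article states. Every check takes a root prefix, so it can be run against a mounted forensic image as well as a live system.

```shell
#!/bin/sh
# Added example: hunting checks for HiddenWasp-style persistence artefacts.
# Each function takes a root prefix ("/" for a live host, or the mount point
# of a forensic image) and prints one line per finding.

# 1. Entries in /etc/rc.local that are neither comments nor the usual "exit 0".
#    The report says the trojan binary is added there to survive reboots.
hunt_rc_local() {
    f="$1/etc/rc.local"
    [ -r "$f" ] || return 0
    grep -nvE '^[[:space:]]*(#|$|exit[[:space:]]+0[[:space:]]*$)' "$f" \
        | sed "s|^|rc.local:|"
}

# 2. An account named "sftp" that has a usable password hash in /etc/shadow.
#    Field 2 is the hash; "", "*", "!" and "!!" all mean the account is locked.
hunt_sftp_user() {
    shadow="$1/etc/shadow"
    [ -r "$shadow" ] || return 0
    awk -F: '$1 == "sftp" && $2 !~ /^(\*|!|!!)?$/ {
        print "shadow:" $1 " has a usable password hash"
    }' "$shadow"
}

# 3. Anything listed in /etc/ld.so.preload. A legitimate system almost never
#    has this file; Azazel-style rootkits use it to get loaded into every
#    process (my addition, based on Azazel, not on the article).
hunt_ld_preload() {
    f="$1/etc/ld.so.preload"
    [ -s "$f" ] || return 0
    sed "s|^|ld.so.preload:|" "$f"
}

hunt_all() {
    hunt_rc_local "$1"
    hunt_sftp_user "$1"
    hunt_ld_preload "$1"
}

# Constructed sample tree standing in for an infected host. The paths and
# hashes are made up for the demonstration; they are not real indicators.
make_sample_root() {
    d="$(mktemp -d)"
    mkdir -p "$d/etc"
    cat > "$d/etc/rc.local" <<'EOF'
#!/bin/sh -e
# rc.local
/tmp/.hidden/trojan_binary &
exit 0
EOF
    printf 'root:$6$abc:18000:0:99999:7:::\n'       > "$d/etc/shadow"
    printf 'sftp:$6$deadbeef:18000:0:99999:7:::\n' >> "$d/etc/shadow"
    printf 'nobody:*:18000:0:99999:7:::\n'         >> "$d/etc/shadow"
    printf '/usr/lib/libexample_hook.so\n' > "$d/etc/ld.so.preload"
    echo "$d"
}

# Run with "--demo" to exercise the checks against the sample tree.
if [ "${1:-}" = "--demo" ]; then
    r="$(make_sample_root)"
    hunt_all "$r"
    rm -rf "$r"
fi
```

On a live host run `hunt_all /` as root (reading /etc/shadow needs it). Treat a clean result from a live system with caution: an LD_PRELOAD rootkit can hook the very libc calls that grep, awk and sed rely on to list and read files, so the checks are only trustworthy when run against a mounted image or with statically linked tools from known-good media.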

However, security researchers still do not know the actual infection vector; they suspect the malware was deployed on systems the attackers already controlled. In other words, HiddenWasp appears to be used as a secondary payload.
