Unlike in the Windows cybersecurity ecosystem, the risks to Linux devices are rarely addressed in much detail. Attacks either go undetected by the security controls that companies deploy, or they are not serious enough to be widely publicized by security researchers.
However, as pointed out by cybersecurity firm
How does HiddenWasp attack Linux machines?
The first step
Next, it downloads an archive file from the server that contains all the components, including the rootkit and the trojan. The script also attempts to add the trojan binary to /etc/rc.local so that it keeps running even after a reboot.
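The /etc/rc.local persistence step described above can be checked for on a host. The shell functions below are an added example, not code from the original article or from the researchers' report; the flagged directories, the known-good baseline file and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: review an rc.local-style boot script for unexpected entries.
# The heuristics and directory list are assumptions made for this example.

# Active lines (no blanks, comments or "exit N"), each prefixed "N:".
rc_active_lines() {
    grep -n -v -E '^[[:space:]]*(#|$|exit[[:space:]]+[0-9]+[[:space:]]*$)' "$1"
}

# Echo a reason when a path looks out of place in a boot script.
classify_path() {
    case $1 in
        /tmp/*|/var/tmp/*|/dev/shm/*) echo "path in world-writable directory" ;;
        */.*) echo "hidden path component" ;;
    esac
}

# audit_rc_local [FILE] [BASELINE]: print findings; 0 clean, 1 findings, 2 unreadable.
audit_rc_local() {
    rc_file=${1:-/etc/rc.local}
    baseline=${2:-}
    [ -r "$rc_file" ] || { echo "cannot read $rc_file" >&2; return 2; }
    found=0
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        lineno=${entry%%:*}
        text=${entry#*:}
        # A line absent from the known-good copy is a change to review.
        if [ -n "$baseline" ] && ! grep -F -x -q -- "$text" "$baseline"; then
            printf 'line %s: not in baseline: %s\n' "$lineno" "$text"; found=1
        fi
        # Check every absolute path mentioned on the line.
        paths=$(printf '%s\n' "$text" | grep -o -E '/[^[:space:];|&<>]+') || :
        while IFS= read -r p; do
            reason=$(classify_path "$p")
            if [ -n "$reason" ]; then printf 'line %s: %s: %s\n' "$lineno" "$reason" "$p"; found=1; fi
        done <<EOF
$paths
EOF
    done <<EOF
$(rc_active_lines "$rc_file")
EOF
    return $found
}

# Constructed sample, not taken from a real host: write_sample_rc FILE
write_sample_rc() {
    printf '%s\n' '#!/bin/sh -e' '/usr/sbin/ntpd -g' '/tmp/.cache/agent &' 'exit 0' > "$1"
}
```

Run against a live system as audit_rc_local /etc/rc.local /path/to/known-good-copy; a non-zero return with findings means the boot script should be reviewed by hand.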
The rootkit involved in the malware shares many similarities with the open-source rootkit Azazel. It also shares parts of its strings with the ChinaZ malware, the Adore-ng rootkit, and the Mirai malware. As for the capabilities of this stealthy Linux malware, it can run commands on the terminal, execute files, download more scripts, and so on.
However, security researchers still don’t know the actual infection vector; they suspect that the malware was spread to systems already controlled by the hackers. So, it could be said that HiddenWasp is being used as a secondary payload.