Unlike threats in the Windows ecosystem, threats to Linux systems aren’t often discussed in much detail. The attacks either go undetected by the security mechanisms that enterprises have in place, or they aren’t severe enough to be widely reported by security researchers.
However, as pointed out by cybersecurity firm Intezer, malware with sophisticated evasion techniques, often built on already available open source code, does appear from time to time. One such malware recently discovered by the firm is HiddenWasp. What makes HiddenWasp particularly dangerous at the moment is that it has a zero detection rate in all popular malware protection systems.
The rootkit used by the malware shares many similarities with the open source rootkit Azazel. It also shares some strings with the ChinaZ malware, the Adore-ng rootkit, and the Mirai malware. As for its capabilities, this stealthy Linux malware can run commands on the terminal, execute files, download more scripts, etc.
However, security researchers still don’t know the actual infection vector; they suspect that the malware was spread to systems already controlled by the hackers. So, it could be said that HiddenWasp is being used as a secondary payload.
Submitted by: Arnfried Walbrecht