HiddenWasp: new malware takes remote control of Linux

by | May 31, 2019

The cybersecurity company Intezer has discovered a new malware targeting Linux systems. HiddenWasp is a Trojan that allows cybercriminals to take remote control of infected machines. At the moment, the most popular malware protection systems are not able to detect this threat.

HiddenWasp executes an initial script to implement the malware. The hidden script uses a user called ‘sftp’ and cleans the system to remove previous versions of malware in case the device is already infected.

Then, it downloads a storage file from the server containing all the components, including the rootkit and the Trojan. The script adds the Trojan to /etc/rc.local so that it works even after the user reboots the system.

Once installed, the attacker can take remote control of the infected terminal and execute code, upload files, download more scripts… According to their analysis, the researchers explained that this malware is spread in systems which are previously controlled by hackers, so it would be used as a secondary load.

The HiddenWasp developers have taken advantage of Open Source multi-malware code, such as Mirai and the Azazel rootkit. It resembles different families of threats from China, but its authorship and origin are still unclear.

You will find more information and a technical analysis of this malware at Intezer Blog.

SHARE

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Recent posts

On-premises vs. cloud: Which is better for your business?

The choice of technology infrastructure is crucial for the growth and competitiveness of businesses. This article analyzes the advantages and disadvantages of “on-premises” and “cloud computing” models, focusing on aspects such as costs, scalability, security, and management.

Archives


Stay up to date with all the news from UDS ENTERPRISE through our social networks. Follow us!

Skip to content