Cybersecurity company Intezer (www.intezer.com) has discovered a nasty piece of sophisticated malware, which it has dubbed ‘HiddenWasp’. It targets Linux systems and, as the company explains, unlike other malware that targets Linux for cryptomining or DDoS attacks, HiddenWasp is a trojan that is used to remotely control target systems.
Most worryingly of all, Intezer revealed in a blog post disclosing the existence of the malware (http://bit.ly/LXF252IntezerBlog) that HiddenWasp is still active and has a “zero detection rate in all major anti-virus systems.” The authors behind HiddenWasp have apparently used a large amount of code from publicly available open-source malware, including Mirai and the Azazel rootkit.
Unlike Windows malware – which is often carefully written – Intezer says that Linux malware authors do not spend too much effort creating their software, instead picking and choosing from publicly available code. Coupled with the fact that antivirus products for Linux aren’t as resilient as on other platforms (again, according to Intezer), this means these sorts of threats can go undetected relatively easily. It’s definitely worth visiting the blog to read an in-depth analysis of how the HiddenWasp trojan works; it also explains how the community should prevent and respond to the threat.