HiddenWasp Linux Malware Distributed in a Worldwide Attack Campaign

A team of security experts has uncovered the HiddenWasp Linux malware, which is actively being spread against victims on a global scale. The available information suggests that the criminals may be a Chinese criminal collective and that the main goal of the virus is to take over control of the infected hosts.




The HiddenWasp Linux Malware May Be a Chinese Invention

Security reports indicate that a new threat for Linux systems has been discovered. According to the published information, this is the HiddenWasp Linux malware, which is composed of three dangerous components: a rootkit, a Trojan module and an infection script. Code analysis shows that it bears a resemblance to other previously detected threats for the Linux operating system. This means that it is very possible that the criminal group is experienced and is probably adept at making malware for various platforms. The other hypothesis is that the group has bought or ordered the virus from the dark web markets.


The way that the threat is distributed is distinct: the files are uploaded to a VirusTotal address containing strings of a Chinese company. The data itself appears to be hosted on a server located in Hong Kong. At the moment the exact distribution technique is not known. The most likely vector is that the malware is downloaded from an already compromised host, either through a command issued by the hacker or through an automated process. Once the infection has been made, the HiddenWasp Linux malware can execute various malicious actions:

  • Local Filesystem Manipulation — The engine can be used to upload all kinds of files to the victim hosts or hijack any user data, including both personal and system information. This is particularly worrying as it can lead to crimes such as financial theft and identity theft.
  • Command Execution — The main engine can automatically launch all kinds of commands including ones with root permissions if such a security bypass is included.
  • Additional Payload Delivery — The infections can be used to install and launch other malware, including ransomware and cryptocurrency miners.
  • Trojan Operations — The HiddenWasp Linux malware can be used to take over control of the affected computers.

We anticipate that the attacks may continue. At this moment it is not known whether future campaigns will use the same code or whether an updated version might be created.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
