A team of security experts has uncovered the HiddenWasp Linux malware, which is actively being spread against victims on a global scale. The available information suggests that the attackers may be a Chinese criminal collective and that the main goal of the virus is to take over control of the infected hosts.
The HiddenWasp Linux Malware May Be a Chinese Invention
Security reports indicate that a new threat for Linux systems has been discovered. According to the published information, the HiddenWasp Linux malware is composed of three dangerous components: a rootkit, a Trojan module and an infection script. Code analysis shows that it bears a resemblance to other previously detected threats for the Linux operating system. This means that the criminal group is very likely experienced and probably adept at making malware for various platforms. The other hypothesis is that the group bought or ordered the virus from dark web markets.
The way the threat is distributed is distinct: the files were uploaded to VirusTotal from an address containing strings associated with a Chinese company. The data itself appears to be hosted on a server located in Hong Kong. At the moment the exact distribution technique is not known. The most likely vector is that the malware is downloaded onto an already compromised host, either manually by the attacker or through an automated process. Once the infection has been made, the HiddenWasp Linux malware can execute various malicious actions:
- Local Filesystem Manipulation: The engine can be used to upload all kinds of files to the victim hosts or to hijack any user data, including both personal and system information. This is particularly worrying, as it can lead to crimes such as financial theft and identity theft.
- Command Execution: The main engine can automatically launch all kinds of commands, including ones with root permissions if such a security bypass is included.
- Additional Payload Delivery: The infections can be used to install and launch other malware, including ransomware and cryptocurrency miners.
- Trojan Operations: The HiddenWasp Linux malware can be used to take over control of the affected computers.
We anticipate that the attacks may continue. At this moment it is not known whether future campaigns will use the same code or whether an updated version will be created.