A new strain of malware called “HiddenWasp” targeting Linux-based systems has been discovered by researchers.
Security firm Intezer observed that HiddenWasp is a sophisticated trojan “purely used for targeted remote control.” This sets it apart from other Linux-based malware that focuses on DDoS or crypto-mining attacks.
“Evidence shows in high probability that the malware is used in targeted attacks for victims who are already under the attacker’s control, or have gone through a heavy reconnaissance,” said Ignacio Sanmillan of Intezer.
Sanmillan added that HiddenWasp's developers adopted a large amount of code from publicly available open-source malware (e.g., Mirai and the Azazel rootkit). He also noted some similarities to Chinese malware families, albeit with low confidence.
“Linux malware may introduce new challenges for the security community that we have not yet seen in other platforms. The fact that this malware manages to stay under the radar should be a wake-up call for the security industry to allocate greater efforts or resources to detect these threats,” Sanmillan warned of Linux-based threats.