Unlike the Windows cybersecurity ecosystem, threats to Linux systems aren’t often discussed in much detail. The attacks either go undetected by the security mechanisms enterprises have in place, or they aren’t severe enough to be reported widely by security researchers.
However, as cybersecurity firm Intezer points out, malware with sophisticated evasion techniques, often built on already available open source code, does appear on the horizon from time to time. One such recent sample discovered by the firm is HiddenWasp. What makes HiddenWasp particularly dangerous at the moment is that it has a zero detection rate in all popular malware protection systems.
How does HiddenWasp attack Linux machines?
The first step of the HiddenWasp Linux malware is running an initial script that deploys the malware. The script uses a user named ‘sftp’ with a hardcoded password and cleans the system to eradicate older versions of the malware in case the machine was already infected.
It then downloads an archive file from the server that contains all the components — including the rootkit and the trojan. The script also attempts to add the trojan binary to /etc/rc.local so that it keeps running after a reboot.
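The two host artifacts described above (an ‘sftp’ account and a trojan entry in /etc/rc.local) are things a defender can audit for. The following is an added example, not code from the article or from Intezer; it runs over constructed sample data and assumes that a legitimate sftp-only account would have a non-interactive shell and that boot-time services do not normally launch from temporary or home directories.

```python
# Added example (not from the article or Intezer): audit checks for the two
# host artifacts the article describes, run over constructed sample data.

# Constructed sample of /etc/passwd lines. A genuine sftp-only account normally
# has a non-interactive shell; an 'sftp' account with a login shell is worth a look.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
sftp:x:1001:1001::/home/sftp:/bin/bash
"""

# Constructed sample of /etc/rc.local: the usual trailing 'exit 0' plus a line
# that starts a binary from a world-writable directory at boot (placeholder path).
SAMPLE_RC_LOCAL = """#!/bin/sh -e
/tmp/.x/trojan_placeholder &
exit 0
"""

NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
# Directories from which a legitimate boot-time service is unlikely to run (assumption).
SUSPICIOUS_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/")


def suspicious_sftp_accounts(passwd_text):
    """Return account names equal to 'sftp' whose login shell is interactive."""
    hits = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[0] == "sftp" and fields[6] not in NOLOGIN_SHELLS:
            hits.append(fields[0])
    return hits


def suspicious_rc_local_lines(rc_text):
    """Return rc.local command lines whose executable lives in a suspicious directory."""
    hits = []
    for line in rc_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or stripped == "exit 0":
            continue
        executable = stripped.split()[0]
        if executable.startswith(SUSPICIOUS_PREFIXES):
            hits.append(stripped)
    return hits


if __name__ == "__main__":
    print("sftp accounts with login shell:", suspicious_sftp_accounts(SAMPLE_PASSWD))
    print("rc.local lines to review:", suspicious_rc_local_lines(SAMPLE_RC_LOCAL))
```

On a live host, read /etc/passwd and /etc/rc.local into the two functions instead of the constructed samples; any hit is a lead for investigation, not a verdict on its own.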
The rootkit bundled with the malware shares many similarities with the open source rootkit Azazel. It also shares parts of its strings with the ChinaZ malware, the Adore-ng rootkit, and the Mirai malware. As for the capabilities of this stealthy Linux malware, it can run commands on the terminal, ..