
New HiddenWasp Linux Malware Focused Solely on Achieving Targeted Remote Control


HiddenWasp, a new Linux threat that differs from other Linux malware in being focused solely on achieving targeted remote control of infected hosts, is now on the rise.

Analyzing recent samples of this new malware, Intezer stated in its blog that HiddenWasp's architecture generally consists of three parts.

  • A script responsible for injecting the malware onto a clean machine or for updating existing versions of the threat on an already infected host.

  • A rootkit that appeared to use code borrowed from Mirai to hook into several functions.

  • A Trojan containing apparent code connections to the Elknot implant that works with the rootkit to remain operational.

Using this mutually beneficial relationship, the Trojan searches for Linux systems in the targeted network for the purpose of achieving remote control.

Targeted remote control isn't the usual objective of Linux-based malware; these types of digital threats usually pursue one of two other objectives. One of these goals involves launching distributed denial-of-service (DDoS) attacks against targeted systems.

For instance, unixfreaxjp recently discovered new malware called Linux/DDoSMan, which, at the time of discovery, functioned as a DDoS botnet client installer.

The other common function is mining for cryptocurrency. Just after unixfreaxjp's research, Trend Micro observed that recent samples of Bashlite, malware for enlisting vulnerable Internet of Things (IoT) devices into DDoS botnets, had added both backdoor-related and crypto-mining capabilities.

Security professionals and their organizations can defend against the HiddenWasp threat by using artificial intelligence to spot digital attacks that might succeed in escaping rule-based security measures. Additionally, organizations should use a unified endpoint management (UEM) tool to monitor their endpoints for suspicious activity that could be indicative of malware.

Tags:
lucas
Author: 
