New Malware Designed To Go After Linux Systems

June 22, 2019 | May 17th, 2022 | Cybersecurity

Linux systems aren’t targeted by hackers as often as Windows and iOS-based systems, but they’re certainly not immune.

Recently, security researchers have discovered a new strain of malware developed by Chinese hackers, specifically for the purpose of targeting Linux-based systems. The new malware has been dubbed ‘HiddenWasp’.

It shares a number of features with the Linux version of Winnti, a malware strain that has gained some notoriety and is commonly used by Chinese hackers. Whether this new strain was created by the same hackers who make use of Winnti, or by a rival group looking to springboard off of Winnti’s success, is currently unknown. In either case, HiddenWasp is hardly the first malware strain to borrow code from other sources.

As to its use, researchers have so far been unable to discover precisely how hackers are spreading their new creation. They theorize that it is likely installed by the hackers themselves on systems that have already been compromised.

HiddenWasp’s functionality isn’t as robust as some other strains of malware, which indicates that it may still be in an early stage of development. Even so, it’s capable of uploading and downloading files, running executables and terminal commands, and more, so it’s definitely not a threat that should be taken lightly.

The researchers had these details to add:

“We observed that the HiddenWasp files were uploaded to VirusTotal using a path containing the name of a Chinese-based forensics company known as Shen Zhou Wang Yun Information Technology Co., Ltd. Furthermore, the malware implants seem to be hosted in servers from a physical server hosting company known as ThinkDream, located in Hong Kong.”

Whether these details are meant to misdirect, or perhaps point to Chinese government involvement in the development of the strain, is uncertain at this point. Either way, if you have Linux systems running on your network, be aware that there’s a new threat to keep an eye out for.

Chris Forte
