June 3, 2019 By David Bisson < 1 min read

A new threat called HiddenWasp is different from other Linux malware in that it’s focused solely on achieving targeted remote control of infected hosts.

In its analysis of recent samples of this new malware, Intezer found that HiddenWasp’s infrastructure generally consists of three parts:

  1. A script responsible for downloading the malware onto a clean machine or for updating existing versions of the threat on an already infected host.
  2. A rootkit that appeared to use code borrowed from Mirai to hook into several functions.
  3. A Trojan containing apparent code connections to the Elknot implant that worked with the rootkit to remain operational.

Using this mutually beneficial relationship, the Trojan searches for Linux systems in the targeted network for the purpose of achieving remote control.

A Different Type of Linux-Based Malware

Targeted remote control isn’t the usual objective of Linux-based malware. As noted by Intezer, these types of digital threats usually pursue one of two other objectives. One of these goals involves launching distributed denial-of-service (DDoS) attacks against targeted systems. For instance, a security researcher who goes by the name unixfreaxjp recently discovered new malware called Linux/DDoSMan, which, at the time of discovery, functioned as a DDoS botnet client installer.

The other common end is mining for cryptocurrency. Not long after unixfreaxjp’s research, for example, Trend Micro observed that new samples of Bashlite, a malware known for enlisting vulnerable internet of things (IoT) devices into DDoS botnets, had added both cryptomining and backdoor-related capabilities.

How to Defend Against Threats Like HiddenWasp

Security professionals can help their organizations defend against threats like HiddenWasp by using artificial intelligence to spot digital attacks that might succeed in evading rule-based security measures. Additionally, organizations should use a unified endpoint management (UEM) tool to monitor their endpoints for suspicious activity that could be indicative of malware.

More from

DHS awards significant grant to improve tribal cybersecurity

4 min read - The Department of Homeland Security (DHS) has awarded $18.2 million in grants through the Tribal Cybersecurity Grant Program to boost cybersecurity defenses among Native American Indian Tribes. The program takes a big step in addressing the unique digital threats faced by tribal communities — a dedicated effort to improve cybersecurity infrastructure across these regions. The $18.2 million grant is just one component of DHS's broader strategy to enhance national cybersecurity. Administered by the Federal Emergency Management Agency (FEMA) in partnership…

ChatGPT 4 can exploit 87% of one-day vulnerabilities: Is it really that impressive?

2 min read - After reading about the recent cybersecurity research by Richard Fang, Rohan Bindu, Akul Gupta and Daniel Kang, I had questions. While initially impressed that ChatGPT 4 can exploit the vast majority of one-day vulnerabilities, I started thinking about what the results really mean in the grand scheme of cybersecurity. Most importantly, I wondered how a human cybersecurity professional’s results for the same tasks would compare.To get some answers, I talked with Shanchieh Yang, Director of Research at the Rochester Institute…

ONCD releases request for information: Open-source software security

3 min read - Open-source software is a collective partnership across the development community that requires both private and public buy-in. However, securing open-source software can be tricky. With so many different people working on the coding, security measures are often overlooked, increasing the chances that a vulnerability will fall through the cracks and be exploited. The Open-Source Software Security Initiative (OS31) aims to provide governance over open-source security processes. After the Log4Shell vulnerability, securing open-source software became a top priority for the federal…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today