HiddenWasp is a sophisticated malware family discovered by Intezer that targets Linux systems. Unlike common Linux malware, which typically focuses on crypto-mining or Distributed Denial of Service (DDoS) activity, HiddenWasp has different objectives. It is designed to infiltrate and compromise systems, typically entering undetected through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom.
The authors of HiddenWasp have adopted a significant amount of code from publicly available open-source malware, including Mirai and the Azazel rootkit, which suggests they leveraged existing resources to build a more potent threat. The analysis also reveals a high rate of shared strings with other known ChinaZ malware, reinforcing the possibility that the actors behind HiddenWasp integrated and modified an MD5 implementation from Elknot, potentially shared on Chinese hacking forums.
A detailed examination of HiddenWasp's components explains how the rootkit and trojan implants work together to maintain persistence on the infected system. The rootkit provides stealth, hiding the malware's presence from the operating system's normal views, while the trojan implant gives the operator remote control over the compromised host. Together, these elements make HiddenWasp a formidable threat to Linux systems, and defending against it requires both preventive controls and checks that can see past the rootkit's concealment.
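The rootkit half of HiddenWasp is what makes the trojan hard to spot from a compromised shell. The following added example (not code from Intezer's report or from HiddenWasp itself) shows one way a defender can check for the kind of concealment a userland, Azazel-style rootkit provides: it assumes the rootkit hides processes by hooking libc's readdir() through a preloaded library, so it enumerates /proc with the raw getdents64 syscall, compares that with the view libc returns, and lists whatever /etc/ld.so.preload would inject into every process. The syscall numbers, architecture list, sample directory records and every function name below are this example's own assumptions, not anything from the page.

```python
"""Added defensive check for userland (LD_PRELOAD) rootkits of the Azazel family:
detect processes hidden from readdir() and list preloaded libraries.
Assumptions (not from the HiddenWasp write-up): Linux on x86_64 or aarch64, and a
rootkit that hooks libc rather than the kernel."""
import ctypes
import os
import platform
import struct

# getdents64 syscall numbers (assumption: only these two architectures are handled)
GETDENTS64_NR = {"x86_64": 217, "aarch64": 61}

# struct linux_dirent64 header: d_ino (u64), d_off (s64), d_reclen (u16), d_type (u8)
DIRENT_HDR = struct.Struct("<QqHB")


def parse_dirents(data: bytes) -> set:
    """Return the numeric (PID) entry names found in a raw getdents64 buffer."""
    pids = set()
    off = 0
    while off + DIRENT_HDR.size <= len(data):
        _ino, _doff, reclen, _dtype = DIRENT_HDR.unpack_from(data, off)
        if reclen == 0:
            break
        name = data[off + DIRENT_HDR.size:off + reclen].split(b"\x00", 1)[0]
        if name.isdigit():
            pids.add(int(name))
        off += reclen
    return pids


def encode_dirent(ino: int, name: str) -> bytes:
    """Build one linux_dirent64 record; used only for the constructed sample below."""
    body = name.encode() + b"\x00"
    reclen = (DIRENT_HDR.size + len(body) + 7) // 8 * 8  # records are 8-byte aligned
    return DIRENT_HDR.pack(ino, 0, reclen, 4) + body.ljust(reclen - DIRENT_HDR.size, b"\x00")


def raw_pids(proc_path: str = "/proc") -> set:
    """Enumerate /proc with the getdents64 syscall, bypassing a hooked libc readdir()."""
    nr = GETDENTS64_NR.get(platform.machine())
    if nr is None:
        raise OSError(f"unsupported architecture: {platform.machine()}")
    libc = ctypes.CDLL(None, use_errno=True)
    buf = ctypes.create_string_buffer(64 * 1024)
    fd = os.open(proc_path, os.O_RDONLY | os.O_DIRECTORY)
    pids = set()
    try:
        while True:
            n = libc.syscall(nr, fd, buf, ctypes.sizeof(buf))
            if n < 0:
                raise OSError(ctypes.get_errno(), "getdents64 failed")
            if n == 0:
                break
            pids |= parse_dirents(buf.raw[:n])
    finally:
        os.close(fd)
    return pids


def hidden_pids(visible: set, raw: set) -> list:
    """PIDs present in the raw listing but filtered out of the libc view."""
    return sorted(raw - visible)


def check_preload(text: str) -> list:
    """Parse /etc/ld.so.preload content (whitespace-separated paths, '#' comments)."""
    libs = []
    for line in text.splitlines():
        libs.extend(line.split("#", 1)[0].split())
    return libs


if __name__ == "__main__":
    # Constructed sample buffer: three records, two of which are PIDs.
    sample = encode_dirent(1, "1234") + encode_dirent(2, "self") + encode_dirent(3, "42")
    print("sample buffer PIDs:", sorted(parse_dirents(sample)))
    if platform.system() == "Linux":
        visible = {int(n) for n in os.listdir("/proc") if n.isdigit()}
        print("hidden from readdir():", hidden_pids(visible, raw_pids()))
        if os.path.exists("/etc/ld.so.preload"):
            with open("/etc/ld.so.preload") as f:
                print("preloaded libraries:", check_preload(f.read()))
```

A short-lived process can exit between the two listings and show up as a one-off difference, so treat a PID as suspicious only if it is hidden on repeated runs and its /proc/PID/exe or cmdline is unreadable through normal tools. The check bypasses libc hooks only; a kernel-level rootkit that filters getdents64 itself would defeat it, which is why a comparison against a clean boot image or an out-of-band scan of the disk remains the stronger control.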
Description last updated: 2024-05-05T06:15:59.660Z