Security researchers have recently discovered a new strain of malware, developed by Chinese hackers specifically to target Linux-based systems. The new malware has been dubbed ‘HiddenWasp’.
It shares a number of features with the Linux version of Winnti, a tool that has gained some notoriety and is commonly used by Chinese hackers. Whether this new strain was created by the same hackers who make use of Winnti or by a rival group looking to springboard off Winnti’s success is currently unknown. In either case, HiddenWasp is hardly the first malware strain to borrow code from other sources.
Researchers have so far been unable to determine precisely how the hackers are distributing HiddenWasp. They theorize that it is likely installed by the hackers themselves on systems that have already been compromised.
HiddenWasp’s functionality isn’t as robust as some other strains of malware, which indicates that it may still be in an early stage of development. Even so, it’s capable of uploading and downloading files, running executables and terminal commands, and more. So it’s definitely not a threat that should be taken lightly.
The researchers had these details to add:
“We observed that the HiddenWasp files were uploaded to VirusTotal using a path containing the name of a Chinese-based forensics company known as Shen Zhou Wang Yun Information Technology Co., Ltd. Furthermore, the malware implants seem to be hosted in servers from a physical server hosting company known as ThinkDream, located in Hong Kong.”
Whether these details are meant to misdirect or perhaps point to Chinese government involvement in the development of the strain is uncertain at this point. Either way, if you have Linux systems running on your network, be aware that there’s a new threat to keep an eye out for.