HiddenWasp was recently discovered by an Intezer security researcher and is considered a highly sophisticated malware that is actively targeting Linux systems. What makes this threat so nefarious is that it is virtually undetectable, as it can bypass all major anti-virus systems. HiddenWasp malware is composed of a user-mode rootkit, a trojan, and an initial deployment script, similar to recent Winnti Linux variants. Intezer noticed that, while most of the malware code is unique, the authors used chunks of code from publicly available repositories, including the Mirai botnet and the Azazel rootkit. The Trojan shares code connections with ChinaZ’s Elknot implant and other ChinaZ malware, suggesting that the author may have used implementations shared on Chinese hacking forums.


May 2019: After Winnti, HiddenWasp malware now targets Linux systems (Cyware)

May 2019: New HiddenWasp malware found targeting Linux systems (ZDNet)

Technical Analysis

May 2019: Intezer researchers provide a technical analysis of HiddenWasp malware here.

Image Source: TripWire