MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
malware
Search

Advanced Linux backdoor found in the wild escaped AV detection

Thursday May 30, 2019. 10:45 PM , from Ars Technica
Enlarge (credit: Jeremy Brooks / Flickr)
Researchers say they’ve discovered an advanced piece of Linux malware that has escaped detection by antivirus products and appears to be actively used in targeted attacks.
HiddenWasp, as the malware has been dubbed, is a fully developed suite of malware that includes a trojan, rootkit, and initial deployment script, researchers at security firm Intezer reported on Wednesday. At the time Intezer’s post went live, the VirusTotal malware service indicated Hidden Wasp wasn’t detected by any of the 59 antivirus engines it tracks, although some have now begun to flag it. Time stamps in one of the 10 files Intezer analyzed indicated it was created last month. The command and control server that infected computers report to remained operational at the time this article was being prepared.
Some of the evidence analyzed—including code showing that the computers it infects are already compromised by the same attackers—indicated that HiddenWasp is likely a later stage of malware that gets served to targets of interest who have already been infected by an earlier stage. It’s not clear how many computers have been infected or how any earlier related stages get installed. With the ability to download and execute code, upload files, and perform a variety of other commands, the purpose of the malware appears to be to remotely control the computers it infects. That's different from most Linux malware, which exists to perform denial of service attacks or mine cryptocurrencies.
Read 9 remaining paragraphs | Comments
https://arstechnica.com/?p=1512665
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Mar, Fri 29 - 07:03 CET