30 May 19, 17:11
Quote:Security researchers have found a new strain of Linux malware that appears to have been created by Chinese hackers and has been used as a means to remotely control infected systems.
Named HiddenWasp, this malware is composed of a user-mode rootkit, a trojan, and an initial deployment script.
The malware has a similar structure to another recently-discovered Linux malware strain -- the Linux version of Winnti, a famous hacking tool used by Chinese state hackers.
In a technical report published today, Nacho Sanmillan, a security researcher at Intezer Labs, highlights several connections and similarities that HiddenWasp shares with other Linux malware families, suggesting that some of HiddenWasp code might have been borrowed.
"We found some of the environment variables used in a open-source rootkit known as Azazel," Sanmillan said.
"In addition, we also see a high rate of shared strings with other known ChinaZ malware, reinforcing the possibility that actors behind HiddenWasp may have integrated and modified some MD5 implementation from [the] Elknot [malware] that could have been shared in Chinese hacking forums," the researcher added.
SOURCE: https://www.zdnet.com/article/new-hidden...x-systems/
![[-]](https://www.geeks.fyi/images/collapse.png)
